The rights group says that the unlawful digital surveillance and attack campaigns targeting activists underscores an intensifying assault on free speech.
Global human rights watchdog Amnesty International said on Wednesday that Ocean Lotus, a group with ties to the Vietnamese government, has been involved in hacking attacks targeting activists and an NGO.
The accusations highlight how authorities could resort to unlawful digital surveillance to keep tabs on activists and government critics.
The suspected attacks took place between 2018 and November 2020. They targeted two prominent Vietnamese human rights defenders, one of whom lives in Germany, and a Vietnamese NGO based in the Philippines, Amnesty said.
Blogger and pro-democracy activist Bui Thanh Hieu was targeted with spyware at least four times between February 2018 and December 2019, it revealed.
He left Vietnam and has lived in Germany since 2013.
It said another blogger based in Vietnam, who was not named due to fears for their safety, was targeted three times last year.
A Philippines-based nongovernmental organization, the Vietnamese Overseas Initiative for Conscience Empowerment, or VOICE, was targeted by hackers in April 2020, the report said.
Amnesty said the activists and the NGO were sent emails pretending to share an important document with a link to download a file. These files included spyware for Mac OS, Android and Windows operating systems — thereby covering the vast majority of mobile devices and computer operating systems.
Amnesty said its analysis of the malicious emails showed Ocean Lotus was responsible for sending them.
"These latest attacks by Ocean Lotus highlight the repression Vietnamese activists at home and abroad face for standing up for human rights," Likhita Banerji, researcher at Amnesty Tech, said in a statement on the NGO's website. "This unlawful surveillance violates the right to privacy and stifles freedom of expression," she added.
Amnesty urged the Vietnamese government to investigate.
According to the cybersecurity company Volexity, OceanLotus was identified as a Vietnam-based hacking group in 2015.
The group is suspected of staging sophisticated, widespread digital surveillance and attack campaigns since 2013.
While Ocean Lotus has not gained the level of notoriety in the West as suspected Chinese and Russian state-backed hacking operations, it has been prolific in Southeast Asia.
Reuters reported last year that the group had attempted to break into China's Ministry of Emergency Management and the government of Wuhan as the COVID-19 outbreak first spread.
Rights groups have long urged Vietnam to cease its repressive activities towards critics.
The targeting of human rights defenders using digital surveillance technology is unlawful under international human rights law, Amnesty pointed out. Unlawful surveillance violates the right to privacy and impinges on the rights to free speech and assembly, it noted.
Vietnam, however, is one of the last remaining communist single-party states in the world where the government doesn't tolerate public criticism and dissent.
sri/msh (AP, Reuters)