Vietnamese government agents tried to plant spyware on the phones of members of Congress, American policy experts and U.S. journalists this year in a brazen campaign that underscores the rapid proliferation of state-of-the-art hacking tools, according to forensic examination of links posted to Twitter and documents uncovered by a consortium of news outlets that includes The Washington Post.
Targeted were two of the most influential foreign policy voices on Capitol Hill: Foreign Affairs Committee Chairman Rep. Michael McCaul (R-Tex.) and Sen. Chris Murphy (D-Conn.), a member of the Foreign Relations Committee and chair of its subcommittee on the Middle East. Also targeted were Asia experts at Washington think tanks and journalists from CNN, including Jim Sciutto, the outlet’s chief national security analyst, and two Asia-based reporters.
The targeting came as Vietnamese and American diplomats were negotiating a major cooperation agreement intended to counter growing Chinese influence in the region, when Vietnamese diplomats would have been particularly interested in Washington’s views on China and issues in Asia. President Biden signed the agreement in September during a visit to Vietnam.
The State Department did not respond to a question about whether it had raised the spyware issue with the Vietnamese government, but said in a statement that the agreement would give the United States a forum for such a discussion. A CNN spokeswoman declined to answer emailed questions about the targeting. None of the targeted individuals contacted by The Post said their devices had been infected.
The spies used the social network X, formerly known as Twitter, to try to induce the politicians and others to visit websites designed to install a hacking software known as Predator, according to the probe.
Like its better-known competitor Pegasus, Predator is a powerful and hard to detect surveillance program that can turn on the microphones and cameras of Apple iPhones and devices running on Google’s Android software, retrieve all files and read private messages, even when they are end-to-end encrypted.
Predator is distributed by an evolving network that includes the European company Intellexa and a related firm, Cytrox, both of which the U.S. Commerce Department added in July to its “Entity List,” a designation that requires U.S. businesses to seek a license before doing business with them. Officials were acting under a March executive order that set out policies to encourage “the use of commercial spyware … consistent with respect for the rule of law, human rights, and democratic norms and values.”
The new hacking attempts followed lengthy conversations and technology shipments between Vietnamese agencies and subsidiaries of the spyware’s creators, according to documents made available to the Paris-based news outlet Mediapart and the Hamburg-based weekly Der Spiegel. Amnesty International uncovered the extent of the hacking attempts and shared its findings with The Post and 14 international media outlets whose investigation was coordinated by European Investigative Collaborations, a journalism consortium.
“Through all the evidence and documents we have seen we believe that Predator was sold from Intellexa through several intermediaries to the Vietnamese Ministry of Public Security,” Donncha Ó Cearbhaill, head of Amnesty’s Security Lab, told The Post. The Vietnamese government declined to comment.
Vietnam has been implicated in other hacking campaigns, including against human rights activists in other countries. It also has used commercial spyware programs previously. In 2020, the University of Toronto’s Citizen Lab said it had detected a Vietnamese installation of a hacking program from Circles, which like Cytrox and Intellexa was founded by Israeli military hacking veteran and entrepreneur Tal Dilian. Dilian had previously sold Circles to Francisco Partners, which combined it with NSO Group, the owner of Pegasus. Francisco Partners sold the merged company in 2019.
Dilian, Cytrox, Intellexa and Intellexa director Sara Hamou did not respond to questions from European Investigative Collaborations. In the past, Dilian has said he sells to “good guys” who sometimes misbehave.
The Biden administration found the targeting of members of Congress very concerning, said an official who spoke on the condition of anonymity because of the sensitivity of the matter. He said that 50 U.S. officials serving abroad were known to have been targeted previously with commercial spyware, a key factor leading to the March executive order. The recent campaign vindicates the decision to add Cytrox and Intellexa to the entity list alongside NSO Group, which was added in 2021, the official said.
The intended U.S. victims who responded to questions from The Post all said they never saw the links that would have installed the hacking program or believed they did not click on them, and no evidence has emerged that the hacking tries succeeded. But the effort was surprisingly public, with the links posted by an anonymous account on X in replies to the targets’ tweets or in replies that tagged the targets.
Top-tier spyware vendors and buyers almost always strive to keep their campaigns secret to avoid repercussions and to reuse the techniques and infrastructure. Even in this case, anyone who clicked would have been infected with only an early-stage tool that would screen out unintended victims, investigators said.
X did not comment when asked about the campaign.
The malicious account on X bore the handle @Joseph_Gordon16. It deleted many of the tweets within a day or two, likely to avoid detection. The account vanished entirely in recent weeks, after journalists began asking Cytrox and Intellexa executives about it.
“As a Predator customer is clearly in the process of learning in a painful way, exploiting across Twitter is a terrible idea,” said researcher John Scott-Railton of Citizen Lab, which did its own investigation and said it agreed with Amnesty’s findings. “The fact that would even happen proves Predator is still going to reckless operators.”
The EIC’s Predator Files investigation found that the companies selling Predator also offered the capability to infect devices through WiFi wireless networks and through websites or telecom networks under national control.
Bills are being considered in Congress and in other countries to attempt stronger oversight of the spyware industry after rampant abuses have been uncovered in Mexico, Greece, Saudi Arabia and elsewhere. While companies such as Cytrox and NSO Group say they sell only to governments and forbid misuse, their clients have used the spy gear against nonviolent activists, journalists and political figures. NSO has said it has terminated customers for improper targeting.
Both Predator and Pegasus can be delivered in ways that require a target to click, as in this case, or with no interaction, which requires knowledge and exploitation of a security flaw that has been undiscovered by phone makers or has not yet been fixed with a software update. Those exploits can cost millions of dollars by themselves to develop or buy, which is another reason the hacks are usually reserved for the highest-value targets and kept stealthy.
Acting on a tip from Google, which first spotted the campaign in late May, Citizen Lab found a half-dozen replies on X that could have led to infections. Scott-Railton said the links went to sites that connected to pages that had installed Predator previously, including in a recent attempt to hack a phone belonging to an opposition presidential candidate in Egypt.
Amnesty said it found 59 replies and tweets tagging targets around the world that contained the link, including more than a dozen aimed at people in the United States. It shared its findings with the media outlets.
In addition to McCaul and Murphy, the members of Congress targeted included U.S. Sens. John Hoeven (R-N.D.) and Gary Peters (D-Mich.). Even if they had clicked on the link, they might not have been infected if they had done so from a phone set up in the United States; some creators of spyware, notably NSO Group, say their tools are designed not to work against phones with U.S. numbers. Apple’s optional Lockdown Mode, which limits some iPhone functions, has so far blocked multiple methods used to deliver Predator to targets, according to Citizen Lab. That is no guarantee for the future, however, and some infections may have occurred already without detection.
Leslie Shedd, a spokeswoman for McCaul, said the congressman doesn’t manage his own social media accounts and would not have seen the targeting tweet. She added that staffers who operate his Twitter account would not have clicked on the link.
An aide to Murphy confirmed that Google had notified his office of the targeting attempt but said that no one in the office had clicked the link “to the best of our knowledge.”
Peters’ office said in a statement that it was aware of the link but did not believe it had been targeted or compromised.
Kami Capener, a spokeswoman for Hoeven, said “We have not been made aware of an attempted spyware attack on our office.”
A screenshot shows that on April 14, a few hours after Hoeven met Taiwanese President Tsai Ing-wen and the Taiwanese president posted about it on X, the Joseph Gordon account replied, citing what it said was a relevant news article. “US defence contractors visiting Taiwan in May to boost security tie-up,” the article was headlined, seemingly in the South China Morning Post. But the link sent by the X account led to an impostor website that could have installed Predator, Amnesty said, adding that both Hoeven and Tsai would have received the link.
Citizen Lab said that over the weekend of Sept. 30, after contacts from reporters, more than half of Cytrox’s active servers for distributing the spyware were taken offline. “I’d describe this as a radical shutdown,” said Scott-Railton.
A person familiar with Google’s probe, speaking on the condition of anonymity to avoid being targeted, said the would-be hackers might have chosen to send public links to a member of Congress or other high-profile targets because such a link might seem less suspicious than an out-of-the-blue text message or email. In addition, the preview of the link that appeared in the tweet might have made it look more genuine.
But Scott-Railton said he thought the attempts probably were carried out by someone with little experience. In a forthcoming post, Citizen Lab writes: “We believe that targeting using mercenary spyware 1-click links via public-facing posts is quite rare because of the substantial risk of discovery and exposure, as well as the possibility of a link being crawled and clicked by the wrong party or service.”
The same technique was used over Twitter in Kenya in 2015, targeting a political candidate, but neither Google nor Citizen Lab could identify a similar public attack in the intervening years. Meta said it has detected public comments with links to powerful spyware on its platforms, but not by top-tier national attackers.
In addition to exposing more Predator customers, the investigation into the Vietnamese campaign revealed at least one new way of attacking a phone, which has been fixed as a result, according to a person familiar with Google’s work.
The Google team tried visiting the dangerous links from a variety of test devices and was able to infect an Android phone with a first stage of malware. That infection came via a previously unknown flaw in the Chrome web browser, which Google studied and patched within days, the person said.
Google’s Threat Analysis Group, which specializes in the most serious attacks, spotted the campaign on May 23 or 24, about a day after a suspicious link was posted. In addition to initiating its own investigation, the team notified X and Citizen Lab.
Apparent targets, including those in the House and Senate, would have received a notification from Google beginning in June stating that a nation-state attack attempt had been detected. Those alerts go out monthly and do not identify the method or likely perpetrator.
Relations between Vietnam and the United States, once warring rivals, have warmed in recent years, but the upgraded partnership Biden signed in Hanoi in September was a significant shift. The Biden administration had made signing a “comprehensive strategic partnership” with Vietnam a top priority, and the accord placed Washington on the same level as Beijing and Moscow within Hanoi’s hierarchy of international relations.
Vietnam retains deep ties to China, a fellow communist power that has also embraced state-driven capitalism. But Hanoi has pushed back against Chinese claims over the South China Sea and has indicated it is open to new friends. The new deal will help the United States diversify its supply chain away from China, with U.S. technology companies indicating a willingness to invest in advanced semiconductor manufacturing in Vietnam. Google is interested in investing, and Apple is ramping up production of MacBooks and other hardware in the country.
The effort to deepen ties with Washington would have made insight into U.S. thinking on China and Taiwan important for Vietnam. Senior lawmakers whose congressional committees are nodes for lobbying and communications with the White House, State Department and Department of Defense would have been natural targets, staffers said. So too would be analysts at think tanks who are often in close contact with decision-makers.
Amnesty determined that an Asia expert at the German Marshall Fund of the United States was targeted by the Joseph Gordon account, along with the Asia Maritime Transparency Initiative at the Center for Strategic and International Studies, a Washington-based think tank. “We checked and see no evidence that these attempts to penetrate our network were successful,” CSIS spokesman Andrew Schwartz said. “Attempts are common given the nature of our work.” The German Marshall Fund declined to comment.
Amnesty concluded that the Joseph Gordon account “was acting on behalf of Vietnamese authorities or interest groups.” Google said the technical infrastructure that Amnesty was tracking “is associated with a government actor in Vietnam.”
A Facebook account labeled Anh Tram, aimed at Vietnamese speakers, linked to some of the same Predator pages, according to investigators for Meta, Facebook’s parent company. They said that they had linked the operation to previous Predator infection attempts. The account was recently deleted.
Researchers said the clumsy Predator attacks allowed them to identify new customer nations and attack vectors. Amnesty said it found new technical indicators of customers, targets or both in Vietnam, Indonesia, Egypt, Madagascar, Kazakhstan, Sudan, Mongolia and Angola. Previous research by Citizen Lab had pointed to the first four and to Saudi Arabia, Oman, Greece, Serbia, Armenia, Germany, Colombia, Philippines, Ivory Coast and Trinidad and Tobago.
U.S. Rep. Jim Himes, a Connecticut Democrat on the Intelligence Committee, said the attempted spying on his colleagues was not surprising by itself. But he said it is a sour reminder that efforts to regulate high-end spyware are progressing more slowly than is the capability of countries to wield it.
“It’s quite possible that this technology can be developed faster than our ability to detect it as a threat and put its maker on the entity list,” said Himes, who has a bill under consideration in the House that would punish countries that use spyware against U.S. officials.
“It’s pretty uncomfortable for us to worry about nation-states we normally wouldn’t worry about,” Himes said, adding that the United States and other large countries also spy through hard-to-detect software. “We do this, but it’s subject to immense amounts of oversight, usually consistent with our values, which are good values.”
The documents obtained by Mediapart show that Vietnam’s Ministry of Public Security signed a deal for “infection solutions” with a company from what was called the Intellexa Alliance in 2020. The two-year deal, known to Intellexa executives as “AnglerFish,” brought in 5.6 million euros or nearly $6 million. Later documents indicate that an extension was discussed for “Blue Arrow,” a brand name Intellexa used to market Predator.
The documents also raise questions about the effectiveness of spyware regulation by the European Union. Managers from the French firm Nexa and their Dubai-based sister company, Advanced Middle East Systems, which was part of the Intellexa Alliance from at least 2019 to 2021, arranged the sale of Predator to Vietnam, documents show.
In 2018, Nexa employees discussed the difficulties of shipping surveillance technology for a live demonstration to Vietnam without having obtained the required dual-use license. Then one of the company executives suggested bringing the technology in carry-on-luggage. “We have done that many times,” he wrote.
When a deal closed two years later, a Nexa executive announced it in a chat and Dilian responded “Wooow!!!!” French officials including a member of the European Parliament would later be targeted with Vietnam’s Predator.
Nexa, which has also supplied French intelligence services, declined to respond to questions about specific deals with Vietnam but told the EIC that it respects “all applicable regulations” governing spyware exports. Nexa said it had stopped selling offensive spyware such as Predator in the third quarter of 2021.
“This case shows that the E.U. regulatory regime is failing to prevent powerful spyware being developed, financed and exported from Europe globally,” Ó Cearbhaill said. “It is clear that Intellexa has been willing to sell Predator to governments with a history of abusing cyber-surveillance tools to spy on innocent dissidents, politicians or activists.”
Yann Philippin is an investigative reporter for the French online outlet Mediapart. Rafael Buschmann and Nicola Naber are investigative reporters for the German weekly Der Spiegel. They are members of the European Investigative Collaborations network (EIC), which brings together 11 European media outlets for cross-border investigations.
This article is part of the “Predator Files,” an investigative project based on hundreds of confidential documents obtained by Mediapart and Der Spiegel. The project was undertaken by 15 news outlets coordinated by EIC, with the technical assistance of the Security Lab of Amnesty International. It reveals the inside story of Intellexa, an alliance of surveillance vendors operating in Europe that sold powerful spyware like Predator to authoritarian regimes.
Participating media are EIC members Mediapart (France), Der Spiegel (Germany), NRC (Netherlands), Politiken (Denmark), Expresso (Portugal), Le Soir and De Standaard (Belgium), VG (Norway), Infolibre (Spain) and Domani (Italy), and their partners The Washington Post, Shomrim (Israel), Die Wochenzeitung (Switzerland), Reporters United (Greece) and Daraj Media (Lebanon).