Vietnam’s state postal service claims to restore its systems after cyberattack

The Vietnamese government-owned postal service has restored operation of its services after they were down for several days due to a cyberattack.

Vietnam Post was reportedly hit by ransomware on June 4, affecting the operation of its postal and delivery services. At the time, the company reported that its financial, administrative, and goods distribution services were unaffected by the attack.

Local media reported Vietnam Post worked with government agencies and local cyber experts to contain the incident, safeguard customers' data, and restore its systems. 

Upon discovering the incident, it contacted the country’s security authorities and disconnected its IT system to isolate the breach.

Vietnam Post hasn’t disclosed who they believe is behind the attacks or if the hackers demanded a ransom.

This is not the first time the postal service has experienced a digital intrusion. Last November, researchers discovered the company left its security logs and employee email addresses accessible to external users.

The researchers also spotted Vietnam Post’s open Kibana visualization dashboard used for data search and analytics. At the time of discovery, the data contained 226 million logged events, amounting to 1.2 terabytes of data, which was being updated in real time. The data was left accessible for at least 87 days, making the company vulnerable to cyber threats.

According to local security officials, Vietnam has seen an uptick in cyberattacks, especially those involving ransomware. Last year, the country recorded more than 13,900 cyber incidents — almost a 10% increase year-on-year, Vietnam’s National Cyber Security Centre (NCSC) said.

The hackers mainly target government agencies, banking services, financial institutions, and industrial systems. Since late March, Vietnam has experienced at least three large-scale data encryption attacks targeting major companies, including VnDirect — one of its largest securities brokers, gasoline retailer PVOil, and a local telecommunications service provider.

In April, the country’s prime minister issued a directive requesting ministries and local government agencies to review and assess the current cybersecurity situation.