{
	"id": "b5676fb0-cb9c-4599-8e61-fa8231de5979",
	"created_at": "2026-04-06T00:10:12.57829Z",
	"updated_at": "2026-04-10T03:37:19.175567Z",
	"deleted_at": null,
	"sha1_hash": "9efcbb978be043fc14c5b2ce6b7c238169e50191",
	"title": "Chinese Hackers Attack Airports Across Vietnam",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 29934,
	"plain_text": "Chinese Hackers Attack Airports Across Vietnam\r\nBy Tara Seals\r\nPublished: 2016-07-29 · Archived: 2026-04-05 17:49:16 UTC\r\nA group identifying as Chinese hackers has attacked digital signage screens, overhead announcement systems and\r\nairline systems at airports across Vietnam.\r\nThe country’s Deputy Minister of Transport, Nguyen Nhat, confirmed that flight information screens at both Noi\r\nBai International Airport in Hanoi and Tan Son Nhat International Airport in Ho Chi Minh City have been\r\ncompromised to display offensive messages toward Vietnam and the Philippines, along with “distorted\r\ninformation about the East Vietnam Sea.” At the latter airport, the loudspeaker system was also compromised to\r\nblare out offensive messages in English.\r\nThe Da Nang International Airport, the largest in central Vietnam, did not have its announcement system\r\ncompromised, but the computer system experienced repeated glitches. And further, airlines at 21 airports across\r\nVietnam have had to switch to manual processes to complete check-in procedures for passengers. Some airlines\r\nshut down some check-in counters completely—leading to flight delays.\r\nPhoto © Vytautas Kielaitis/Shutterstock.com\r\n“All Internet systems have been switched off so we had to do everything by hand,” an airline attendant at Tan Son\r\nNhat airport told a local news outlet.\r\nThe VIP passenger section on the website of Vietnam Airlines was also hacked and defaced, and one source told\r\nthe news outlet that personal data of some 411,000 passengers had been lifted as well.\r\nThe perpetrators are claiming credit as the China 1937CN Team. The widespread campaign is “a warning\r\nmessage” for Vietnam and the Philippines, they said.\r\nIn May 2015, some 1,000 Vietnamese websites were attacked by the same group, including 15 government-run\r\nplatforms and 50 education sites. Around 200 websites in the Philippines were also attacked in the same period,\r\nbetween May 30 and 31, 2015.\r\nSource: https://www.infosecurity-magazine.com/news/chinese-hackers-attack-airports/\r\nhttps://www.infosecurity-magazine.com/news/chinese-hackers-attack-airports/\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.infosecurity-magazine.com/news/chinese-hackers-attack-airports/"
	],
	"report_names": [
		"chinese-hackers-attack-airports"
	],
	"threat_actors": [
		{
			"id": "f21d7691-a720-46bb-81d7-11edb9f73eba",
			"created_at": "2023-11-08T02:00:07.126478Z",
			"updated_at": "2026-04-10T02:00:03.420826Z",
			"deleted_at": null,
			"main_name": "1937CN",
			"aliases": [],
			"source_name": "MISPGALAXY:1937CN",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "2c7ecb0e-337c-478f-95d4-7dbe9ba44c39",
			"created_at": "2022-10-25T16:07:23.690871Z",
			"updated_at": "2026-04-10T02:00:04.709966Z",
			"deleted_at": null,
			"main_name": "Goblin Panda",
			"aliases": [
				"1937CN",
				"Conimes",
				"Cycldek",
				"Goblin Panda"
			],
			"source_name": "ETDA:Goblin Panda",
			"tools": [
				"8.t Dropper",
				"8.t RTF exploit builder",
				"8t_dropper",
				"Agent.dhwf",
				"BackDoor-FBZT!52D84425CDF2",
				"BlueCore",
				"BrowsingHistoryView",
				"ChromePass",
				"CoreLoader",
				"Custom HDoor",
				"Destroy RAT",
				"DestroyRAT",
				"DropPhone",
				"FoundCore",
				"HDoor",
				"HTTPTunnel",
				"JsonCookies",
				"Kaba",
				"Korplug",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"NBTscan",
				"NewCore RAT",
				"PlugX",
				"ProcDump",
				"PsExec",
				"QCRat",
				"RainyDay",
				"RedCore",
				"RedDelta",
				"RoyalRoad",
				"Sisfader",
				"Sisfader RAT",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"Trojan.Win32.Staser.ytq",
				"USBCulprit",
				"Win32/Zegost.BW",
				"Xamtrav",
				"ZeGhost",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434212,
	"ts_updated_at": 1775792239,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9efcbb978be043fc14c5b2ce6b7c238169e50191.pdf",
		"text": "https://archive.orkl.eu/9efcbb978be043fc14c5b2ce6b7c238169e50191.txt",
		"img": "https://archive.orkl.eu/9efcbb978be043fc14c5b2ce6b7c238169e50191.jpg"
	}
}