{
	"id": "fb40f006-55c7-4103-8a63-eaefd012fc7a",
	"created_at": "2026-04-06T00:15:00.150393Z",
	"updated_at": "2026-04-10T03:37:19.206825Z",
	"deleted_at": null,
	"sha1_hash": "e81acf7cd329874bf40a81aae6274867e7d850fd",
	"title": "China 1937CN Team hackers attack airports in Vietnam",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 645553,
	"plain_text": "China 1937CN Team hackers attack airports in Vietnam\r\nBy Pierluigi Paganini\r\nPublished: 2016-07-31 · Archived: 2026-04-02 12:32:10 UTC\r\nThe group of hackers known as China 1937CN Team compromised the\r\nannouncement screen systems at many major airports in Vietnam.\r\nAccording to the 2015 version of the ‘Transportation Systems Sector-Specific Plan’, the transportation industry is\r\nincreasingly exposed to cyber threats.\r\nThe sector is becoming a privileged target of hackers worldwide; the most recent incident occurred in\r\nVietnam, where a group of Chinese hackers attacked the digital signage system, causing serious problems with\r\nthe infrastructure.\r\nThe news was confirmed by the country’s Deputy Minister of Transport, Nguyen Nhat. The flight information\r\nscreens at both Noi Bai International Airport in Hanoi and Tan Son Nhat International Airport in Ho Chi Minh\r\nCity were compromised by hackers who displayed offensive messages toward Vietnam and the Philippines,\r\nalong with “distorted information about the East Vietnam Sea.”\r\nAt Tan Son Nhat International Airport, the attacker abused the loudspeaker system to spread offensive\r\nmessages in English.\r\nAnother airport, Da Nang International Airport, experienced repeated glitches in its computer system. The\r\nauthorities reported other problems in the country; for example, airlines at 21 airports across Vietnam had to\r\nswitch to manual processes to complete check-in procedures for passengers. Many flights had significant delays\r\nbecause of the shutdown of check-in counters.\r\nSome airlines shut down some check-in counters completely—leading to flight delays.\r\n“A team of self-proclaimed Chinese hackers has compromised the announcement screen systems at many major\r\nairports in Vietnam, and hacked the website of the country’s national flag carrier, the Ministry of Transport\r\nconfirmed on Friday.” reported the Tuoi Tre News.\r\n“All Internet systems have been switched off so we had to do everything by hand,”\r\nSome local security experts also posted on their Facebook pages some photos showing that the VIP passenger\r\nsection on the website of Vietnam Airlines had also been hacked and defaced.\r\nThe screenshot posted online shows that the hacker group, calling itself China 1937CN Team, sent “a warning\r\nmessage” for Vietnam and the Philippines.\r\nA source told the news outlet that personal data of some 411,000 passengers had been exposed.\r\nThis isn’t the first time that the China 1937CN Team has hit Vietnam; in May 2015 the same group hacked roughly\r\n1,000 Vietnamese websites, including 15 government portals and 50 education sites. In the same period, around\r\n200 websites in the Philippines were attacked by the China 1937CN Team hackers.\r\nMany Vietnamese security agencies and private firms have joined hands to support Vietnam Airlines and\r\nprotect its assets from the attacks of groups of hackers like the China 1937CN Team.\r\n“Vietnam Airlines said it has deployed back-up plans to ensure safety and operations at airports.” continues the\r\npost.\r\nPierluigi Paganini\r\n(Security Affairs – China 1937CN Team, Vietnam)\r\nSource: http://securityaffairs.co/wordpress/49876/hacking/china-1937cn-team-vietnam.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"http://securityaffairs.co/wordpress/49876/hacking/china-1937cn-team-vietnam.html"
	],
	"report_names": [
		"china-1937cn-team-vietnam.html"
	],
	"threat_actors": [
		{
			"id": "f21d7691-a720-46bb-81d7-11edb9f73eba",
			"created_at": "2023-11-08T02:00:07.126478Z",
			"updated_at": "2026-04-10T02:00:03.420826Z",
			"deleted_at": null,
			"main_name": "1937CN",
			"aliases": [],
			"source_name": "MISPGALAXY:1937CN",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "2c7ecb0e-337c-478f-95d4-7dbe9ba44c39",
			"created_at": "2022-10-25T16:07:23.690871Z",
			"updated_at": "2026-04-10T02:00:04.709966Z",
			"deleted_at": null,
			"main_name": "Goblin Panda",
			"aliases": [
				"1937CN",
				"Conimes",
				"Cycldek",
				"Goblin Panda"
			],
			"source_name": "ETDA:Goblin Panda",
			"tools": [
				"8.t Dropper",
				"8.t RTF exploit builder",
				"8t_dropper",
				"Agent.dhwf",
				"BackDoor-FBZT!52D84425CDF2",
				"BlueCore",
				"BrowsingHistoryView",
				"ChromePass",
				"CoreLoader",
				"Custom HDoor",
				"Destroy RAT",
				"DestroyRAT",
				"DropPhone",
				"FoundCore",
				"HDoor",
				"HTTPTunnel",
				"JsonCookies",
				"Kaba",
				"Korplug",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"NBTscan",
				"NewCore RAT",
				"PlugX",
				"ProcDump",
				"PsExec",
				"QCRat",
				"RainyDay",
				"RedCore",
				"RedDelta",
				"RoyalRoad",
				"Sisfader",
				"Sisfader RAT",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"Trojan.Win32.Staser.ytq",
				"USBCulprit",
				"Win32/Zegost.BW",
				"Xamtrav",
				"ZeGhost",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434500,
	"ts_updated_at": 1775792239,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e81acf7cd329874bf40a81aae6274867e7d850fd.pdf",
		"text": "https://archive.orkl.eu/e81acf7cd329874bf40a81aae6274867e7d850fd.txt",
		"img": "https://archive.orkl.eu/e81acf7cd329874bf40a81aae6274867e7d850fd.jpg"
	}
}