Cyber Threat Actor: Le Duc Hoang Hai
| Actor Type | Location | Known Incidents |
Hacker
|
Viet Nam
|
1 incident |
|---|
Profile
Le Duc Hoang Hai, also knownsimply as Hai, is a Vietnamese individual identified as the perpetrator of a cyber intrusion against Perth Airport’s computer systems. The threat actor’s aliases and location are explicitly recorded as Le Duc Hoang Hai and Viet Nam, respectively. According to the reported incident, Hai obtained access by using the credentials of a third‑party contractor, which allowed him to enter the airport’s network and exfiltrate a significant amount of sensitive security data, including building schematics and details of physical security measures. The same source notes that Hai appeared to be attempting to steal credit card data from the airport’s systems, indicating a financial motive in that particular operation. In addition to the Australian target, Hai was found to have attacked infrastructure and websites within Vietnam, specifically targeting banks, telecommunications providers and an online military newspaper, demonstrating a pattern of targeting both critical infrastructure and commercial entities in his home country.
The intrusion relied solely on compromised contractor credentials as the initial access vector, with no reference to malware families, custom tooling or exploit kits in the available reporting. Authorities concluded that there was no indication Hai was working with a larger group, nor any evidence that he had sold or attempted to sell the stolen data, which points to a solo actor without apparent affiliation to a state‑sponsored program or a criminal consortium. The lack of observed malware or advanced tooling suggests his methodology centered on credential abuse rather than sophisticated technical payloads.
The most notable operation attributed to Hai is the March 2017 breach of Perth Airport, which prompted detection by the airport, notification to Australian cybersecurity authorities, coordination with Vietnamese law enforcement, his subsequent arrest, conviction in a Vietnamese military court and a sentence of four years imprisonment. Separately, his activities against Vietnamese banks, telecom firms and a military newspaper represent additional publicly reported operations that illustrate his repeated focus on infrastructure targets across different sectors. These cases collectively illustrate Hai’s use of third‑party access to obtain sensitive information, his apparent pursuit of financial gain through credit card data theft, and the absence of any verified links to broader threat actor networks or state actors.
