Cyber Incident Victim: Long Son Petrochemicals
Date:
Mar 2023
Location:
Viet Nam
Summary
A cyber incident involving Long Son Petrochemicals and affiliated firms resulted in unauthorized exposure of sensitive data on BreachForums by a user known as Kernelware, disclosing corporate schematics, infrastructure blueprints, employee information, and legal agreements. The attacker stated the leak was intentionally released publicly without financial motive, citing personal amusement, and acknowledged affiliated entities beyond the primary three organizations were impacted. This event aligns with Kernelware’s broader pattern of publicly leaking data from multiple entities, including prior incidents targeting technology firms and financial subsidiaries, though attribution methods remain undisclosed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around March 14, 2023, a forum user known as Kernelware published a post on BreachForums claiming to leak data from three Vietnamese petroleum and infrastructure firms, including Long Son Petrochemicals, PetroVietnam, and POSCO Engineering & Construction. The leak announcement, posted early on March 14, included technical schematics, business registration documents, employee information, and contractual agreements, with samples indicating files bore markings from all three entities related to a shared project. Kernelware stated the leak also encompassed smaller affiliated companies but did not clarify whether the data originated from a single compromised server or multiple sources. The actor openly shared the data without attempting extortion, explicitly refusing ransom demands or sales, stating the leak was motivated by disinterest in financial gain. No evidence suggested prior notification to the affected organizations, and PetroVietnam did not immediately respond to an inquiry from DataBreaches.net regarding the breach.
Kernelware had a documented history of breach-related activity on BreachForums, having joined in August 2022 and routinely sharing free data leaks, tutorials, and occasional databases for sale. In the weeks preceding the Petrochemicals incident, they leaked data attributed to Acer Taiwan, HDFC Bank’s subsidiary HDB Financial Services (later correcting a misattribution), and 21 GB of diagnostic data from Acronis linked to compromised credentials of a single customer. Following the Vietnam leak, Kernelware announced a temporary hiatus from leaking due to upcoming examinations. While Acronis confirmed limited exposure from its incident during the same period, no public statements from PetroVietnam, Long Son Petrochemicals, or POSCO Engineering & Construction were noted in the source material regarding breach validation, containment measures, or operational impacts. The leak’s full scope and technical root cause remained unconfirmed by the involved entities at the time of reporting.