Cyber Incident Victim: Vietnam Post

Vietnam Post, the state-owned postal service of Vietnam, experienced a ransomware attack on June 4, 2024, disrupting its postal and delivery operations for several days. The attack compromised critical systems but left financial services, administrative functions, and goods distribution networks operational. Upon detecting the intrusion, Vietnam Post immediately notified national security authorities and disconnected its IT infrastructure to contain the breach. The organization collaborated with government agencies and domestic cybersecurity experts to isolate affected systems, protect customer data, and initiate recovery procedures. While services were fully restored following these efforts, the company did not disclose attribution details or confirm whether ransom demands were made. This incident followed a prior security lapse in November, when researchers identified exposed security logs containing 226 million events (1.2 terabytes of real-time data), accessible employee email addresses, and an unprotected Kibana dashboard—vulnerabilities that remained unaddressed for at least 87 days.

The cyberattack occurred amid a broader escalation of digital threats within Vietnam, with the National Cyber Security Centre reporting 13,900 incidents in 2023—a near 10% annual increase. Ransomware operators increasingly targeted government entities, financial institutions, and critical infrastructure providers, exemplified by three major data encryption attacks since late March 2024 against securities broker VnDirect, petroleum distributor PVOil, and an unnamed telecommunications firm. In response to this trend, Vietnam’s Prime Minister issued an April directive mandating cybersecurity assessments across ministries and local government bodies. The postal service’s restoration of operations concluded the immediate crisis, though the organization’s history of unmitigated vulnerabilities highlighted systemic challenges in Vietnam’s cyber defense posture.