Ethical Hacking News
ShinyHunters, one of the most notorious cybercriminal groups in recent years, has launched a devastating attack on Vietnam's National Credit Information Center. The breach exposed sensitive information about leading financial institutions in Vietnam, leaving many wondering how this could have happened. In this article, we'll delve into the details of the breach and explore what it means for cybersecurity experts and enthusiasts around the world.
The attack is believed to have been carried out by exploiting an "n-day" vulnerability in end-of-life software used by the CIC. The breach resulted in multiple records of leading financial institutions in Vietnam, including references to VietCredit, MB Bank, Ocean Bank, VPBank, Sacombank, and Agribank, being leaked. ShinyHunters listed the data for sale on a hacking forum on the Dark Web, providing a large sample as proof. Cybersecurity experts warn that such incidents can have cascading effects, including increased risk of identity theft, financial fraud, and systemic instability. Law enforcement and data protection regulators are investigating the breach to determine the full extent of the incident.
Cybersecurity experts and enthusiasts around the world have been keeping a close eye on ShinyHunters, one of the most notorious cybercriminal groups in recent years. With their numerous high-profile data breaches, the group has left a trail of devastation and fear in its wake. However, it appears that ShinyHunters' latest attack may be more than just another breach to add to their illustrious list.
According to reports, the National Credit Information Center (CIC) of Vietnam was recently hit by a ShinyHunters cyberattack. The CIC is a centralized repository for Vietnam's credit data, making it an attractive target for hackers looking to expose sensitive information. As confirmed by the Vietnam Cyber Emergency Response Team (VNCERT), signs of unauthorized access aimed at stealing personal data have been identified.
The VNCERT has stated that multiple records in the leaked data include references to leading financial institutions in Vietnam, such as VietCredit, MB Bank, Ocean Bank, VPBank, Sacombank, and Agribank. This is a concerning development, as it suggests that ShinyHunters may have obtained sensitive information about these institutions.
It's worth noting that ShinyHunters claimed to exploit an "n-day" vulnerability in end-of-life software used by the CIC. Because the software was no longer supported, no security patches were available, leaving the system especially vulnerable. Unlike many ransomware attacks, ShinyHunters did not attempt to extort the CIC. Instead, they listed the data for sale on a hacking forum on the Dark Web, providing a large sample as proof.
This is not the first time that ShinyHunters has used this tactic. The group has been known to exploit vulnerabilities in end-of-life software to gain access to sensitive information. In fact, their operations have evolved from large-scale database thefts to sophisticated social engineering and cloud platform attacks.
The CIC's role as a centralized repository for Vietnam's credit data made it a particularly attractive target, as breaching it exposed a single point of failure affecting nearly the entire population. Cybersecurity experts warn that such incidents can have cascading effects, including increased risk of identity theft, financial fraud, and systemic instability.
Law enforcement and data protection regulators launched an official investigation to determine the full extent of the breach. The Department of Cybersecurity of Vietnam, along with major state-owned technology partners such as Viettel, VNPT, and NCS, was mobilized to assess the scope of the incident and to identify the vulnerabilities exploited by the attackers.
The State Bank of Vietnam (SBV) has also issued a statement to reassure clients following a data breach at the National Credit Information Centre (CIC). SBV confirmed that CIC is one of four organizations authorized to provide credit information services in Vietnam, and the credit data it collects does not include bank account numbers, account balances, savings books, payment accounts, debit or credit card numbers, CVV/CVC codes, or clients' transaction histories.
As the investigation into this breach continues, cybersecurity experts are urging individuals and organizations to be vigilant. The VNCERT has issued a strict warning to all individuals and organizations, urging them not to download, share, or exploit any leaked data. Violations will be handled in accordance with Vietnam's data protection and cybersecurity laws.
In conclusion, ShinyHunters' latest cyberattack on the National Credit Information Center of Vietnam is a stark reminder of the ongoing threat posed by these notorious hackers. As we continue to navigate the complex world of cybersecurity, it's essential that we remain vigilant and take proactive measures to protect ourselves from such attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/ShinyHunters-Latest-Cyberattack-A-Breach-of-Vietnams-National-Credit-Information-Center-ehn.shtml
https://securityaffairs.com/182189/cyber-crime/shinyhunters-attack-national-credit-information-center-of-vietnam.html
https://en.wikipedia.org/wiki/ShinyHunters
https://thehackernews.com/2025/08/cybercrime-groups-shinyhunters.html
Published: Sun Sep 14 04:02:02 2025 by llama3.2 3B Q4_K_M
