Vietnamese agents may be behind a global spyware campaign targeting officials, civil society and journalists around the world using EU-made malware, Amnesty International said Monday.
The NGO detailed in a report how a Vietnam-linked account on Twitter, now X, tried to infect the phones of dozens of people and institutions — including overseas Vietnamese journalists, EU and US officials and Taiwanese President Tsai Ing-wen — with malware called Predator.
Amnesty has worked with media outlets and cybersecurity experts to investigate the Predator software, which is marketed by an alliance of companies with French and Israeli connections and bases across Europe.
The malware, like the Pegasus spyware from Israeli firm NSO that caused a global scandal in 2021, takes control of the camera and microphone of an infected phone, turning it into a pocket spy.
French news outlet Mediapart, which broke the initial story last week in a joint investigation with Germany's Spiegel magazine, said Predator had been sold to governments from Egypt to Qatar, the United Arab Emirates and Pakistan.
The malware was also found on the phones of an Egyptian activist and a Greek journalist as far back as 2021, according to the news reports.
'Mysterious and dangerous'
Amnesty said such surveillance technology was fundamentally inconsistent with human rights.
Amnesty advocacy officer Katia Roux told AFP the EU was "completely failing" to regulate this sector.
"We call for a ban on this software and a moratorium on all other surveillance software," she said.
The malware was sold to someone at the Vietnamese Ministry of Public Security in 2020 for 5.6 million euros ($5.9 million), according to Mediapart and Amnesty.
The investigations "suggest that agents of the Vietnamese authorities, or persons acting on their behalf, may be behind the spyware campaign".
It was unclear whether the campaign, which Amnesty said had targeted more than 50 individuals and institutions between February and June this year, had succeeded in infecting any targets.
Predator was initially created by a North Macedonian firm called Cytrox, Amnesty said in its report released on Monday titled "The Predator Files: Caught in the Net".
The tech was eventually marketed by the Intellexa group, described by Amnesty as a "complex, morphing group of interconnected companies" which was set up by a former Israeli soldier and incorporated in Ireland.
Intellexa later formed an alliance with French umbrella group Nexa to market spyware in what Spiegel said was probably "one of the most mysterious and dangerous ventures in Europe".
In July, the US blacklisted both Cytrox and Intellexa warning that their software was "threatening the privacy and security of individuals and organisations worldwide".