Table of Contents



In the first half of 2021, VCS-Threat Intelligence recorded and investigated many serious large-scaled APT attacks (Advanced Persistent Threat), particularly as follows :

  • Critical level :

- January 2021: Warning the attack campaign of an APT group targeting security researchers, using 0-day vulnerability exploiting RCE of Google Chrome based on Visual Studio Project.

- February 2021:

Warning about an APT attack campaign targeting end-users, the threat actors took advantage of some update issues from NoxPlayer. During the campaign, BigNox's infrastructure was used to spread out malware.

Warning about the new activity of the APT32 group has been recorded in cyberspace. The APT32 group used the malware that took advantage of the ActiveMime format to download Cobalt Strike to attack Vietnamese users.

- March 2021: Warning about the KerrDown Malware sample of the APT32 group targeting Vietnamese users.

- April 2021: Warning on an attack campaign of Chinese APT groups from June 2020 to January 2021, targeting Vietnam government and military organizations.

- May 2021

The APT 1937CN group carried out a targeted attack on Vietnam to take advantage of documents related to politics in Vietnam.

A massive attack campaign by an unidentified APT group targeted Vietnam. As tracked by VCS-Threat Intelligence, there have been many cases of successful exploitation.

Dozens of malware variants of Chinese APT groups that are increasingly improved compared to previous models. This type of malware was used for cyberattacks targeting organizations and individuals in Vietnam during the Supply Chain attack campaign in late 2020 and the NoxPlayer emulator in early 2021.

  • Medium level :

-  Warning on new activities of a Chinese APT group that directly attack Russia. The history of the attack has many similarities with the campaigns against Vietnam from the past.

-  Warning Poison Ivy malware of China APT attacks many infrastructures around the world. The malware used has many similarities with the Supply Chain attack sequence targeting NoxPlayer users in early 2021.

Regarding data breach, VCS - Threat Intelligence recorded many risks occurring in the first half of 2021 as follows :

  • Critical level :

-  The risk of leaked data containing more than 77 million customer information was being offered for sale in the cyberspace of users who have registered or used NitroPDF's services.

-  The dataset contains more than 1 million account information of many websites was commercialized in cyberspace.

-  A leak of 17GB of KYC data of users in Vietnam, thousands of identity cards are for sale in cyberspace.

  • Medium level :

-   A significant amount of customers' personal information has appeared in many data sets in the form of Combolist.

-   On the RaidForums forum, data related to Vietnam was advertised for sale with titles such as :

+ 8.38 million records of population data and 2.8 million records of Vietnamese businesses.

+ Top secret documents of Vietnam Ministry of Public Security and the Ministry of Defense.

+ 2 million user data from electronics retailers.

+ Data set of 50,000 users from financial networking platform TIMA.

In general, the first half of 2021 recorded massive data breaches of large enterprises in Vietnam (banking, finance, retail). The cause is considered to stem from :

- Customer's use of internal email to register for services from third parties.

- Personal computers or internal computers were infected with malware and in the botnet.


In the first half of 2021, phishing attacks and impersonation were executed powerfully. Phishing attacks increase in frequency and complexity, posing a significant threat to all organizations, primarily targeted phishing attacks against financial institutions, banks, electronic payment gateways, e-wallets. According to statistics on the VCS - Threat Intelligence system, in the first six months of 2021, nearly 3,000 malicious domains and impersonation were recorded, three times higher than the same period last year.

The number of phishing, impersionate attacks in the first 6 months of 2021

Phishing attacks are divided into 2 main types according to attack methods:

  • By social networking platforms: The threat actors impersonated buyers on sales groups and pages, having      asked victims to make online money transfers, tricked victims into      accessing malicious links, or take advantage of commercially rewarding      programs, winning gifts to ask victims to provide personal information.
  • By SMS Brandname spoofing: This is one of the most popular phishing techniques these days, using fake identity messages (SMS Brandname) to deceive users, creating the belief that this is a message from the authentic system, enticing them to log into a fake website to steal their personal information.

DDoS (Distributed Denial of Service) attacks in Vietnam. Statistics of attacks by attack traffic in the first six months of 2021


The global cybersecurity market reached 162.5 billion USD in 2020 with a compound annual growth rate (CAGR 2020 - 2025) of about 12.5%, expected to reach 418.2 billion USD by 2028. In particular, the Asia Pacific (APAC) region is expected to achieve a CAGR of 16-18.3% from 2020 to 2025 (Mordor Intelligence, 2021 and Gartner, 2021)

Vietnamese cybersecurity market experienced a CAGR of approximately 16.9%, with a size of around 61.3 million USD (equivalent to nearly 1409 billion VND) in 2019. The index reached 81.4 million USD in 2020 (Ken Research, 2021). In 2021, Vietnam's cybersecurity market value is expected to reach 97.9 million USD, equivalent to 2,252 billion VND.

Compound annual growth rate (CAGR) from 2020 – 2025 of Cybersecurity market (Ken Research. Mordor Intelligence, Gartner)
Market size and Growth rate - Vietnam market, 2019 – 2022 (Ken Research, 2021)

Market value by customer segmentation

According to Ken Research, experiencing a high level of information security maturity, the Finance and Banking sectors account for most of the demand for information security in the Vietnam market. In particular, the group of joint-stock commercial banks and securities companies ranked Top1 for cybersecurity demands because they have a boom in transaction volume that needs to be secured in "healthy" cyberspace in 2020 and the first half of 2021.

The Government's directives and circulars on information security contribute to increasing demand in the Public sector. In addition to the provincial sections, the Bank, the State Treasury, many healthcare organizations began to focus on information security due to the complicated situation of COVID-19 and vaccine information.

Market share by Industry 2020

Revenue share of Information Security solutions in Vietnam

Cybersecurity standalone products and services account for a high market share of over 50% and are expected to increase from 2019 to 2025. Managed Security Services (MSS) accounts for 32% - 23% of the market share, tending to decrease from 2019 – 2025.

Regarding product type, Firewall product lines still hold the highest share from 25% in 2019 to 22% in 2025. Antivirus and Endpoint security has a small change, about 15-17%.

Revenue ratio by Information Security solutions in Vietnam 2019 - 2025 (Ken Research)
Revenue ratio by Information Security major Product, Service & Solution in Vietnam 2019 - 2025 (Ken Research)

According to Ken Research, the cybersecurity market in Vietnam has fierce competition between domestic and foreign vendors.

Regarding standalone products: In 2019, foreign products accounted for 75%, the index is 25% for domestic products. In 2025, it is expected that foreign products will decrease to 46%. As estimated, domestic developments will increase by 54%.

Regarding services: SOC, Pentest, Security Audit services are outstanding services provided by many domestic companies, thanks to the competitiveness of people, experts, and skillful incident response team.

However, since approximately 20 foreign companies are operating in Vietnam marker through distribution channels, it creates such drastic competition against domestic solutions in the product lines of Firewalls, EDR, Security Web Gateway, Security Email Gateway, SIEM/ SOAR.

With a direct-to-customer business model and distribution channels, Vietnamese security companies gradually expand their market share thanks to their domestic competitive advantages and legal corridors. However, that does not negate the high competition from foreign firms.

In 2025, it is predicted that the domestic standalone product market share will increase by 21%, reaching 35%, equivalent to information security services. Foreign products are expected to decrease their market share from 44% (2019) to 30% (2025).

Factors driving demand for Cybersecurity in Vietnam

The rapidly increasing risk of cyber attacks is the most critical factor leading to the increasing demand for information security in Vietnam. Furthermore, regulations and legal documents on information security also contribute significantly to the domestic market dynamic in cybersecurity.