More than 1.34 million cyber attacks were blocked
Talking to Lao Dong, Mr. Nguyen Van Quang - Deputy Director of the Department of Information Technology of the State Audit said that information security monitoring work is always deployed continuously 24/7 to detect early and promptly handle incidents.
In the first 8 months of 2025, the State Audit's information security monitoring system (SOC) recorded and handled 1,344,751 cyber attacks, mainly gate scanning and fuzzing. All were successfully blocked, causing no damage to the system.
Along with that, SOC handled 14,102 unusual warnings, including 48 high-level warnings, 702 medium-level warnings and 13,285 low-level warnings. Some serious incidents have also been detected and handled promptly. In March 2025, the system recorded 1 case of malware implementation; by June 2025, 4 computers infected with ransomware with 5 encrypted messages had been isolated and cleaned to prevent the spread.
Mr. Nguyen Van Quang said that the State Audit Office also implements many solutions to raise user awareness. In September 2025, the agency launched a simulated phishing attack campaign against 1,000 accounts of officials. The results showed that there were 196 visits to the fake website and 80 authentication information were collected, including both email accounts and passwords. According to Mr. Quang, this result clearly reflects the need to increase training and strengthen vigilance for cadres, civil servants and public employees in the digital environment.
practical exercises and lessons learned
In parallel with regular monitoring, the State Audit organizes live drills to test response capability to cyber attack scenarios. Mr. Nguyen Van Quang shared that the results show that the State Audit system is multi-layered, internal applications are not publicly available on the Internet, so the risk of direct attacks is minimized. In the scenario of an attack from the Internet, the unit participating in the drill (Viettel) could not successfully penetrate.
However, the exercise also points to a notable risk when the personal accounts of some users are leaked on the dark web. The exercise unit used this login information to access the system in valid form, making it difficult for the defense to recognize the difference between attack and normal login. When the steps to escalate to take control were deployed, the defense team promptly detected and immediately contacted the State Audit's information security team. Because this is an exercise, the interception is not done immediately to ensure the scenario continues.
From this activity, the State Audit learned many important lessons. The current system is capable of preventing external attacks and early detection of unusual behavior. However, the problem of personal account leakage is still a big risk that needs to be overcome. According to Mr. Quang, the State Audit will increase training, raise awareness for officials and civil servants, and deploy multi-factor authentication solutions to limit the risk of illegal access. At the same time, it promotes the review, evaluation, and patching of vulnerabilities periodically on the system and application.
Mr. Nguyen Van Quang emphasized that the State Audit aims to build an information security culture in the entire industry, considering this a platform for digital data protection and maintaining the trust of society. Along with that, the State Audit will complete the legal framework on information technology, continue to upgrade the system to level 4 information security according to Decree 85/2016/ND-CP. At the same time, closely coordinate with the Ministry of Public Security, the Government Equipment Committee, the cyberspace Emergency Response Center and reputable cybersecurity units to enhance the capacity to ensure cyber security in the coming time.
