Hard News Hard Hitting News Source Global Political News


New SignSight Supply-Chain Attack Targeted Certification Authority in Southeast Asia Twice

A second supply-chain attack dubbed Operation SignSight has been discovered on the website of the Vietnam Government Certification Authority. The attackers made changes to software installers available for download from the website. In addition, they added a backdoor to target users of a legitimate application.

What happened?

The Vietnam Government Certification Authority confirmed that they were victims of the recent supply-chain attack and alerted individuals who could have downloaded the malicious software installers.

  • The website, ca.gov.vn, was compromised from July 23 to August 16.
  • The attackers used two modified installers: gca01-client-v2-x32-8.3.msi and gca01-client-v2-x64-8.3.msi. These two trojanized installers were laden with a piece of malware known as PhantomNet/SManager.
  • Both MSI installers were downloaded from ca.gov.vn over HTTPS.
  • Once downloaded and executed, the installer runs both the genuine GCA program and the malicious file, so that end users do not easily spot the compromise.
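
An added example, not part of the original article: a proxy-log sweep a defender could use to scope which internal clients fetched either installer from ca.gov.vn inside the compromise window. The log line format, the `/dl/` path and the sample year are assumptions (the article states no year); the host, file names and window dates come from the article.

```python
from datetime import date, datetime
from urllib.parse import urlsplit

# Values taken from the article.
HOST = "ca.gov.vn"
INSTALLERS = {"gca01-client-v2-x32-8.3.msi", "gca01-client-v2-x64-8.3.msi"}

def find_exposed_downloads(log_lines, year):
    """Return sorted (client, day, filename) for installer fetches in the window.

    Assumed line format: '<ISO timestamp> <client> <method> <url> <status>'.
    Assumes the proxy logs full URLs for HTTPS (TLS inspection); without it
    only the host is visible and every ca.gov.vn connection needs review.
    """
    # July 23 to August 16, inclusive; the caller supplies the year.
    start, end = date(year, 7, 23), date(year, 8, 16)
    hits = set()
    for line in log_lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        stamp, client, method, url, status = parts
        try:
            day = datetime.fromisoformat(stamp).date()
        except ValueError:
            continue  # skip unparseable timestamps
        target = urlsplit(url)
        host = (target.hostname or "").lower()
        # Last path segment, case-folded; the query string is not part of it.
        name = target.path.rsplit("/", 1)[-1].lower()
        on_site = host == HOST or host.endswith("." + HOST)
        if (method == "GET" and status == "200" and on_site
                and name in INSTALLERS and start <= day <= end):
            hits.add((client, day.isoformat(), name))
    return sorted(hits)

# Constructed sample log (not real traffic); 2020 and /dl/ are sample values.
SAMPLE_LOG = [
    "2020-07-22T09:10:00 10.0.0.5 GET https://ca.gov.vn/dl/gca01-client-v2-x64-8.3.msi 200",
    "2020-07-23T08:00:00 10.0.0.7 GET https://ca.gov.vn/dl/gca01-client-v2-x32-8.3.msi 200",
    "2020-08-16T23:59:59 10.0.0.9 GET https://CA.gov.vn/dl/GCA01-client-v2-x64-8.3.msi?src=home 200",
    "2020-08-17T00:00:01 10.0.0.9 GET https://ca.gov.vn/dl/gca01-client-v2-x64-8.3.msi 200",
    "2020-08-01T12:00:00 10.0.0.3 GET https://ca.gov.vn/dl/gca01-client-v2-x64-8.3.msi 404",
    "2020-08-02T12:00:00 10.0.0.4 GET https://example.org/gca01-client-v2-x64-8.3.msi 200",
    "garbage line",
]
```

Clients returned by the sweep are candidates for host-level triage, since a successful download does not by itself show that the installer was executed.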

Recent attacks

Supply-chain attacks are now becoming quite a common attack vector among cyberespionage groups.

  • In the previous attack dubbed Operation StealthyTrident, cybercriminals compromised Able Desktop installers and their update system to propagate HyperBro, Korplug, and Tmanger malware, while focusing on Mongolian organizations.
  • Recently, a widespread campaign was discovered abusing SolarWinds software as a supply-chain vector.
  • Last month, the Lazarus group used an unusual supply-chain mechanism in South Korea.

Conclusion

Cybercriminals are apparently taking more interest in supply-chain attacks because such attacks give them the ability to deploy their malware silently. Experts therefore suggest using reliable and up-to-date cybersecurity software, managing supplier relationships, and applying the Principle of Least Privilege (PoLP) to reduce the risk of malicious access.

Source: https://cyware.com/news/new-signsight-supply-chain-attack-targeted-certification-authority-in-southeast-asia-twice-f294295c
