Thursday, September 23, 2021

Vietnam targeted in a complex supply chain attack

Hackers have inserted malware inside an app offered for download by the Vietnam Government Certification Authority (VGCA).

A group of mysterious hackers has carried out a clever supply chain attack against Vietnamese private businesses and government agencies by inserting malware inside an official government software toolkit.

The attack, discovered by security company ESET and detailed in a report called "Operation SignSight," targeted the Vietnam Government Certification Authority (VGCA), the government organization that issues digital certificates that can be used to digitally sign official documents.

Any Vietnamese citizen, private business, or other government agency that wishes to submit documents to the Vietnamese government must sign them with a VGCA-compatible digital certificate.

The VGCA not only issues these digital certificates but also provides ready-made, user-friendly "client apps" that citizens, private businesses, and government employees can install on their computers to automate the process of signing a document.

However, ESET claims that sometime this year, hackers broke into the agency's site, found at, and added malware within two of the VGCA client apps offered for download on the website.

Msi) customer programs for Windows users.

ESET claims that between July 23 and August 5 this year, the two files included a backdoor trojan named PhantomNet, also referred to as Smanager.

The malware was not very complex but was only a wireframe for much more powerful plugins, researchers stated.

Known plugins included functionality to retrieve proxy configurations in order to bypass corporate firewalls, and the ability to download and run additional (malicious) programs.

The security company believes the backdoor was used for reconnaissance before a more complex attack against selected targets.

ESET researchers said that they informed the VGCA earlier this month, but the agency had known of the attack before being contacted.

On the afternoon ESET released its report, the VGCA also officially admitted to the security breach and released a tutorial on how users can remove the malware from their systems.

ESET explained that it also discovered victims infected with PhantomNet in the Philippines but wasn't able to state how these users got infected. Another delivery mechanism is suspected.

The Slovak security company did not formally attribute the attack to any specific group, but reports connected the PhantomNet (Smanager) malware to Chinese state-sponsored cyber-espionage activities.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
