Security News > 2020 > December > Software Supply-Chain Attack Hits Vietnam Government Certification Authority
Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority that compromised the agency's digital signature toolkit to install a backdoor on victim systems.
Uncovered by Slovak internet security company ESET early this month, the "SignSight" attack involved modifying software installers hosted on the CA's website to insert a spyware tool called PhantomNet or Smanager.
After the attack was reported to VGCA, the certificate authority confirmed that "They were aware of the attack before our notification and that they notified the users who downloaded the trojanized software."
The incident highlights why supply-chain attacks are increasingly becoming a common attack vector among cyberespionage groups, as it allows the adversaries to deploy malware on many computers at the same time covertly.
Lastly, a supply-chain attack on SolarWinds Orion software discovered this week was exploited to breach several major US government agencies, including the Departments of Homeland Security, Commerce, Treasury, and State.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/BDmQJHnUqjY/software-supply-chain-attack-hits.html
Related news
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- Supply chain attack hits Chrome extensions, could expose millions (source)
- Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' (source)
- North Korea targets crypto developers via NPM supply chain attack (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)