Security News > 2021 > July > Hackers Compromise Mongolian Certificate Authority to Spread Malware
An unknown threat actor has compromised the servers of Mongolian certificate authority MonPass and abused the organization's website for malware distribution, according to security researchers at Avast.
A major CA in East Asia, MonPass appears to have been breached at least six months ago, with the attackers returning to a compromised public web server approximately eight times.
Even the official MonPass client was compromised, with the infected binaries distributed between February 8 and March 3, 2021.
The security researchers identified eight different webshelles and backdoors on the compromised public web server.
MonPass was informed of the compromise and has taken steps to secure its servers.
The security researchers recommend that all those who downloaded the MonPass client between February 8 and March 3, 2021, remove the client and check their systems for the backdoor it might have fetched and installed.
News URL
Related news
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)