Security News > 2021 > July > Hackers Compromise Mongolian Certificate Authority to Spread Malware
An unknown threat actor has compromised the servers of Mongolian certificate authority MonPass and abused the organization's website for malware distribution, according to security researchers at Avast.
A major CA in East Asia, MonPass appears to have been breached at least six months ago, with the attackers returning to a compromised public web server approximately eight times.
Even the official MonPass client was compromised, with the infected binaries distributed between February 8 and March 3, 2021.
The security researchers identified eight different webshelles and backdoors on the compromised public web server.
MonPass was informed of the compromise and has taken steps to secure its servers.
The security researchers recommend that all those who downloaded the MonPass client between February 8 and March 3, 2021, remove the client and check their systems for the backdoor it might have fetched and installed.
News URL
Related news
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
- Hacker infects 18,000 "script kiddies" with fake malware builder (source)