Hackers Compromise Mongolian Certificate Authority to Spread Malware
July 2021
An unknown threat actor has compromised the servers of Mongolian certificate authority MonPass and abused the organization's website for malware distribution, according to security researchers at Avast.
A major CA in East Asia, MonPass appears to have been breached at least six months ago, with the attackers returning to a compromised public web server approximately eight times.
Even the official MonPass client was compromised, with the infected binaries distributed between February 8 and March 3, 2021.
The security researchers identified eight different webshells and backdoors on the compromised public web server.
MonPass was informed of the compromise and has taken steps to secure its servers.
The security researchers recommend that all those who downloaded the MonPass client between February 8 and March 3, 2021, remove the client and check their systems for the backdoor it might have fetched and installed.