Latest Breaking News On - Vietnam government certification authority - Page 1 : comparemela.com
Mongolian Certificate Authority Hacked to Distribute Backdoored CA Software
thehackernews.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from thehackernews.com Daily Mail and Mail on Sunday newspapers.
A sobering reminder for more vigilant supply chain security
computerweekly.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from computerweekly.com Daily Mail and Mail on Sunday newspapers.
The attack, discovered by security firm ESET and detailed in a report named Operation SignSight, targeted the Vietnam Government Certification Authority (VGCA), the government organization that issues digital certificates that can be used to electronically sign official documents.
Any Vietnamese citizen, private company, and even other government agency that wants to submit files to the Vietnamese government must sign their documents with a VGCA-compatible digital certificate.
The VGCA doesn t only issue these digital certificates but also provides ready-made and user-friendly client apps that citizens, private companies, and government workers can install on their computers and automate the process of signing a document.
Earlier this month alarm bells rang in the US after an IT management software provider SolarWinds found a massive breach in its network. Alleged Russian hackers managed to invade the network and stay hidden for nearly nine months before trojanizing an update to get into its clients networks. The massive hack had over a dozen US government agencies breached beside private companies like Cisco and Microsoft.
Now, Vietnam is under a similar supply-chain attack, compromising government agencies and private companies. According to cybersecurity researchers, the unknown hackers were able to deploy malware inside a government software toolkit. The supply-chain attack was discovered by Slovak cybersecurity and antivirus firm ESET and named Operation SignSight .
Software Supply-Chain Attack Hits Vietnam Government Certification Authority
Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority (VGCA) that compromised the agency s digital signature toolkit to install a backdoor on victim systems.
Uncovered by Slovak internet security company ESET early this month, the SignSight attack involved modifying software installers hosted on the CA s website ( ca.gov.vn ) to insert a spyware tool called PhantomNet or Smanager.
According to ESET s telemetry, the breach happened from at least July 23 to August 16, 2020, with the two installers in question gca01-client-v2-x32-8.3.msi and gca01-client-v2-x64-8.3.msi for 32-bit and 64-bit Windows systems tampered to include the backdoor.
vimarsana © 2020. All Rights Reserved.