Vietnam targeted in complex supply chain attack


A group of mysterious hackers has carried out a clever supply chain attack against Vietnamese private companies and government agencies by inserting malware inside an official government software toolkit.

The attack, discovered by security firm ESET and detailed in a report named “Operation SignSight,” targeted the Vietnam Government Certification Authority (VGCA), the government organization that issues digital certificates that can be used to electronically sign official documents.

Any Vietnamese citizen, private company, and even other government agency that wants to submit files to the Vietnamese government must sign their documents with a VGCA-compatible digital certificate.

Read more…
Source: ZDNet