Names | Operation SignSight (ESET) | |
Country | [Unknown] | |
Motivation | Information theft and espionage | |
First seen | 2020 | |
Description | (ESET) Just a few weeks after the supply-chain attack on the Able Desktop software, another similar attack occurred on the website of the Vietnam Government Certification Authority (VGCA): ca.gov.vn. The attackers modified two of the software installers available for download on this website and added a backdoor in order to compromise users of the legitimate application. ESET researchers uncovered this new supply-chain attack in early December 2020 and notified the compromised organization and the VNCERT. We believe that the website has not been delivering compromised software installers as of the end of August 2020 and ESET telemetry data does not indicate the compromised installers being distributed anywhere else. The Vietnam Government Certification Authority confirmed that they were aware of the attack before our notification and that they notified the users who downloaded the trojanized software. | |
Observed | Countries: Vietnam. | |
Tools used | Mimikatz, PhantomNet. | |
Information | <https://www.welivesecurity.com/2020/12/17/operation-signsight-supply-chain-attack-southeast-asia/> |
Last change to this card: 07 January 2021
Download this actor card in PDF or JSON format
Previous: Operation Shady RAT
Next: Operation Silent Skimmer
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |