Reports: the Vietnam Government Certification Authority suffered a supply-chain attack.
It has been reported that in early December 2020, the Vietnam Government Certification Authority (VGCA) was the victim of a supply-chain attack, similar to the Able Desktop software attack.
According to cyber security firm ESET, researchers uncovered this new supply-chain attack in early December 2020 and notified the compromised organisation and the VNCERT.
“We believe that the website has not been delivering compromised software installers as of the end of August 2020 and ESET telemetry data does not indicate the compromised installers being distributed anywhere else,” stated ESET.
The VGCA confirmed the attack on its website, stating “the malware monitoring, monitoring and analysis system of the IT Center and Cyber Security Surveillance Station – the Government Cipher Committee has detected many attack campaigns with malicious intentions”.
According to VGCA, the campaigns seek access to user computers in Party and State agencies, including computers using special digital signatures of the Government to serve administration and work handling activities in the network environment. The commonly used malware types are Trojan-Dropper, Trojan-Spy, Trojan-Downloader and Backdoor.win32.
Hackers carried out attack campaigns in many different forms, such as via email or by directly attacking the portals of ministries and websites providing public services and inserting malicious code.
“Documents and program setup files are available on the Portal of ministries and on websites of public service providers,” the VGCA stated. “When the user performs the download to use, the computer will be infected with malicious code, controlled and the documents on the computer will be stolen.”
Digital signatures are an information security solution applied to ensure authenticity, integrity and non-repudiation.
However, researchers from Ruhr Bochum University (Germany) have revealed a new attack method, called Shadow Attack, on digitally signed PDF files.
These attack techniques allow hackers to hide and replace content in digitally signed PDF documents without invalidating the signature. Hackers can create a document with two different sets of content: one that the signer sees and another that the recipient of the document sees.
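
A triage check for the situation described above, as an added example that is not part of the original article: changes made to a PDF after signing are appended as incremental updates, so bytes that lie beyond the last signature's `/ByteRange` deserve manual review. The function names and sample documents are constructed for illustration; the check does not verify the signature itself, and benign post-signing updates also append data, so a hit is a reason to inspect, not a verdict.

```python
import re

# Matches a signature dictionary's /ByteRange [off1 len1 off2 len2] entry.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def signature_coverage(pdf: bytes) -> list[dict]:
    """For each /ByteRange found, report where signed data ends and what follows it."""
    report = []
    for m in BYTE_RANGE.finditer(pdf):
        off1, len1, off2, len2 = (int(g) for g in m.groups())
        signed_end = off2 + len2
        report.append({
            "signed_end": signed_end,
            # Sane layout: starts at byte 0, one gap for the signature, ends inside the file.
            "well_formed": off1 == 0 and len1 <= off2 and signed_end <= len(pdf),
            "unsigned_tail": len(pdf) - signed_end,
        })
    return report

def needs_review(pdf: bytes) -> bool:
    """True if a signed PDF has a malformed range or bytes that no signature covers."""
    sigs = signature_coverage(pdf)
    if not sigs:
        return False  # no signature to evaluate
    if any(not s["well_formed"] for s in sigs):
        return True
    # With several signatures, only the last one is expected to reach end of file.
    return min(s["unsigned_tail"] for s in sigs) > 0

def build_sample(tail: bytes = b"") -> bytes:
    """Constructed stand-in for a signed PDF (dummy signature bytes, not verifiable)."""
    pre = b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange [0 "
    fmt = b"%-8d %-8d %-8d] /Contents "
    hole = b"<" + b"00" * 16 + b">"  # placeholder for the signature value
    post = b" >>\nendobj\n%%EOF\n"
    len1 = len(pre) + len(fmt % (0, 0, 0))
    off2 = len1 + len(hole)
    return pre + fmt % (len1, off2, len(post)) + hole + post + tail

if __name__ == "__main__":
    # Constructed incremental update appended after the signed range.
    update = b"2 0 obj\n<< /Constructed /Update >>\nendobj\n%%EOF\n"
    for name, doc in (("as signed", build_sample()), ("with appended update", build_sample(update))):
        print(name, needs_review(doc), signature_coverage(doc))
```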