Attackers launched complex supply chain attacks on Vietnamese government agencies
According to the latest security report released by ESET, unknown attackers launched complex supply chain attacks against Vietnamese national government agencies and private companies.
The attackers somehow implanted a backdoor program into software from the Vietnam Government Certification Authority (VGCA), whose digital signature tool is widely used by the Vietnamese government, enterprises, and people.
Because a large number of government agencies, enterprises, and people use this digital signature authentication tool, its users were then infected by the backdoor program implanted by the attacker.
In addition to Vietnam, security companies have also found infected samples of this backdoor program in the Philippines, but there is currently no evidence to explain how those systems were infected or how the backdoor spread.
The Vietnam Government Certification Authority (VGCA) is an official Vietnamese agency whose main role is to issue digital certificates, which are then used to sign documents.
To make its services easier to use, the agency has also developed a Windows client program. Users only need to install the client to apply for a digital certificate and sign content.
Any Vietnamese citizen, private company, or even other government agency that wants to submit documents to the Vietnamese government needs to use the agency’s digital certificate for authentication.
The unknown attacker implanted the backdoor program in the client program. Exactly when the implant was made and how the attacker penetrated the authority are currently unknown.
However, a large number of organizations and people have been infected with the backdoor program after using this client.
The backdoor can load a large number of trojan horse programs onto the victim’s computer, and its plug-ins include functions for retrieving proxy settings and bypassing firewalls.
Judging from the currently known information, the attacker first uses the backdoor program to hide in the victim’s system and then silently collects data to analyze the nature of the victim.
If the victim is one of the attacker’s targets, the backdoor program receives further instructions and can then launch more complex attacks, including collecting all data on the intranet.
After the security company released the report, the Vietnam Government Certification Authority confirmed that it had been attacked and issued guidelines telling victims how to clean up these backdoor programs.
In addition to Vietnam, security companies have also found samples of infections in the Philippines, but it is not clear how the victims in the Philippines were infected by the Trojan.