Hackers Target Vietnam In Complex Supply Chain Attack

Vietnam appears to have been the target of a complex supply chain attack by unknown hackers utilizing malware. Targets were Vietnamese private companies and government agencies by inserting malware inside an official government software toolkit. This is according to a report from ESET:

ESET researchers uncovered this new supply-chain attack in early December 2020 and notified the compromised organization and the VNCERT. We believe that the website has not been delivering compromised software installers as of the end of August 2020 and ESET telemetry data does not indicate the compromised installers being distributed anywhere else. The Vietnam Government Certification Authority confirmed that they were aware of the attack before our notification and that they notified the users who downloaded the trojanized software.

I find it difficult to believe that the Vietnam Government Certification Authority or VGCA was aware of this seeing as the day that ESET released their report the VGCA admitted to the security breach and published a tutorial on how users could remove the malware from their systems. So read into that what you will. I read it as “or crap we got caught out and we now have to make it look like we were on top of things.”

Leave a Reply

%d bloggers like this: