According to the security firm ESET, a group of unknown hackers has conducted a sophisticated supply chain attack against Vietnamese private companies and government agencies. The threat actors targeted the Government Certification Authority (VGCA) by inserting malware inside an official software toolkit. The VGCA issues digital certificates used to sign official documents electronically and every organization that wants to submit files to the Vietnamese government must sign all documents with a compatible certificate.
The VGCA has also released client apps that allow private companies and organizations working with the government to install software on their computers and automate the certification process. However, at some point within the past year, threat actors were able to break into the VGCA website and insert malware into two different client apps available for download. This malware is known to be the backdoor Trojan called PhantomNet. ESET believes this was the gateway into more complex attacks against the Vietnamese government, which has formally announced the attack.
