Cybercrimnials Targeted Vietnam Private & Government Agencies in Supply Chain Attack

A Cyberattack carried out against Vietnamese private companies and government agencies by infecting them with malware in an official government toolkit, a group of enigmatic hackers has carried out a clever third-party attack on Vietnamese private companies and government departments.

The attack, which was discovered by ESET and outlined in detail in a study called Operation SignSight, attacked the governmental agency Vietnam Government Certification Authority (VGCA), which issues digital certificates that can be used to sign official documents electronically.

VGCA not only issues these digital licenses, but also offers ready-made and user-friendly “client apps” that individuals, private businesses, and government employees can install on their devices and simplify the document signing process.

But ESET claims that hackers breached the website of the department, located at ca.gov.vn, and injected the malware into two applications provided for download by VGCA customers.

Both files were client programs for Windows users, 32-bit (gca01-client-v2-x32-8.3.msi) and 64-bit (gca01-client-v2-x64-8.3.msi). In ESET’s opinion, the two files housed a trojan backdoor called PhantomNet, also known as Smanager, between July 23 and August 5 of this year.

Researchers say that “The malware was not tricky but was just a wireframe for more efficient plugins”.

Established plugins provided proxy set-up features for circumventing company firewalls and installing and running other (malicious) software. The security organization claims that the loophole was used to identify chosen targets before a more sophisticated attack.

ESET researchers said they had alerted the VGCA at the beginning of this month, but before their contact, the organization had known the attack already. This year, the VGCA incident was marked as the fifth largest assault on the supply chain, here are the top 5 attacks:


SolarWinds — Russian hackers also breached SolarWinds Orion’s system of upgrading and have corrupted the Sunburst malware with the internal networks of thousands of businesses.

Able Desktop – The upgrade process of a chat app used by hundreds of Mongolian government departments has been hacked by Chinese hackers.

GoldenSpy – A Chinese bank pushed a backdoor tax tech toolkit from international firms trading in China.
Wizvera VeraPort – The Wizvera VeraPort device has been hacked by North Korean hackers to send ransomware to users in South Korea.

Back to top button