A gang of anonymous attackers has launched a series of a clever supply chain breach against Vietnamese government agencies and private organizations by embedding malware inside a government software toolkit. Security organization ESET detected the attack and explained it in a report titled “Operation SignSight.” The attack targeted the government organization, Vietnam Government Certification Authority (VGCA) which issues digital certificates to sign official documents electronically. As per reports by ESET, hackers breached the website of the agency present at ca.gov.vn and embedded malware into two of the VGCA client applications available for download on the website.
Source: zdnet