Attack Against App Offered By Vietnam Government

Home/Targeted Attacks/Attack Against App Offered By Vietnam Government

Attack Against App Offered By Vietnam Government

A complex Supply-Chain attack hit Vietnam Government Certification Authority (VGCA).

Supply Chain Attack:

A cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply chain.

Earlier today, a security firm discovered — hackers targeted the Vietnam Government Certification Authority (VGCA) — an organization that issues digital certificates.

Vietnamese authorities sign the records using a VGCA-compatible digital certification, that any Vietnamese citizen, personal business, and also other government agency that wishes to submit documents.

Security company ESET, in its report named “Operation SignSight,” stated attackers modified two of the software installers available for download on this website.

Follow Us on: Twitter, InstagramFacebook to get latest security news!

Followingly, added a backdoor in order to compromise users of the legitimate application.

In the report, Firstly, Hackers broke into the agency’s website, located at

Secondly, inserted malware inside two of the VGCA client apps offered for download on the site.

Moreover, between July 23 and August 5, this year, the two files contained a backdoor trojan named PhantomNet, also known as Smanager.

The malware was not very intricate but was only a wireframe for much more powerful plugins.

However, VGCA confirmed that the agency had already known of the attack prior to its contact.

Previous Supply-Chain Attack Victims:

According ZDNet, The VGCA incident marks the fifth major supply chain attack this year after the likes of:

  • SolarWinds – Russian hackers compromised the update mechanism of the SolarWinds Orion app and infected the internal networks of thousands of companies across the glove with the Sunburst malware.
  • Able Desktop – Chinese hackers have compromised the update mechanism of a chat app used by hundreds of Mongolian government agencies.
  • GoldenSpy – A Chinese bank had been forcing foreign companies activating in China to install a backdoored tax software toolkit.
  • Wizvera VeraPort – North Korean hackers compromised the Wizvera VeraPort system to deliver malware to South Korean users.

Indicators of Compromise:


SHA-1ESET detection nameDescription
5C77A18880CF58DF9FBA102DD8267C3F369DF449Win32/TrojanDropper.Agent.SJQTrojanized installer (gca01-client-v2-x64-8.3.msi)
B0E4E9BB6EF8AA7A9FCB9C9E571D8162B1B2443AWin32/TrojanDropper.Agent.SJQTrojanized installer (gca01-client-v2-x32-8.3.msi)
9522F369AC109B03E6C16511D49D1C5B42E12A44Win32/TrojanDropper.Agent.SJQPhantomNet dropper
5DFC07BB6034B4FDA217D96441FB86F5D43B6C62Win32/PhantomNet.APhantomNet plugin

C&C servers


In conclusion, VGCA published a tutorial on how users could remove the malware from their systems

By | 2020-12-28T21:17:38+05:30 December 28th, 2020|Targeted Attacks|

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!