Software Supply-Chain Attack Hits Vietnam Government Certification Authority

Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority (VGCA) that compromised the agency’s digital signature toolkit to install a backdoor on victim systems.
Uncovered by Slovak internet security company ESET early this month, the « SignSight » attack involved modifying software installers hosted on the CA’s website (« ca.gov.vn
Source de l’article sur The Hacker News