Blog | G5 Cyber Security

Mongolian Certificate Authority Hacked to Distribute Backdoored CA Software

Unidentified hackers breached the website of one of Mongolia’s major certificate authorities to backdoor its installer software with Cobalt Strike binaries. The trojanized client was available for download between February 8, 2021, and March 3, 2021. A public web server hosted by MonPass was infiltrated potentially as many as eight separate times, with researchers uncovering eight different web shells and backdoors on the compromised server. The modus operandi is notable for the use of steganography to transfer shellcode to the victim machine.

Source: https://thehackernews.com/2021/07/mongolian-certificate-authority-hacked.html
