Threat actors compromised the servers of Mongolian certificate authority (CA) MonPass and used its website to spread malware. Avast researchers found eight different webshells and backdoors on a CAs compromised server. Experts also discovered that tainted versions of the official MonPass client were distributed between February 8 and March 3, 2021. The security firm did not attribute the attack to a specific threat actor, however, experts noticed overlaps of indicators of compromise (IoCs) associated with this attack with those shared by NTT Security Threat Intelligence experts.”]
Source: https://securityaffairs.co/wordpress/119677/malware/mongolian-ca-monpass-hack.html

