A new supply-chain attack targets Vietnam’s government certification authority. The agency’s digital signature toolkit was compromised to install a backdoor on victim systems. The only way a user can get infected is when the compromised software hosted on the official website is manually downloaded and executed on the target system. The ultimate goal of the attack remains unclear as well, what with little to no information about the attackers’ post-compromise activity. Supply-chain attacks are increasingly becoming a common attack vector among cyberespionage groups.
Source: https://thehackernews.com/2020/12/software-supply-chain-attack-hits.html