The Slovak cybersecurity company ESET published a report on December 17th about malware present in applications offered by the Vietnamese Certification Authority (VGCA). It appears to be a reconnaissance operation with the ultimate goal of identifying more specific targets.
VGCA, an ideal gateway for malware
ESET has discovered a Trojan horse called PhantomNet, also known as Smanager, in two software programs offered by the VGCA, active from July 23rd to August 5th. This official Vietnamese organization issues digital certificates that are used to electronically sign the country's official documents, explains ZDNet, which reported the information. In particular, it offers electronic signature applications for private companies, civil servants and individuals. This important role in an economy that has begun its digital transformation exposes a large number of potential victims to the hackers behind the malware.
It appears to be a rebound attack, which consists of breaking into an information system and then hijacking it to attack a secondary target. PhantomNet is quite simple in structure but useful for installing advanced plug-ins on the infected system. For example, some plug-ins can retrieve proxy settings to bypass firewalls and allow other applications to be downloaded and run.
ESET warned the VGCA in early December; the cybersecurity firm said the authorities had already been informed. They publicly acknowledged this when the report came out and immediately offered a tutorial on how to get rid of the malware.
China, an ideal suspect
The Slovak company explains that it also discovered PhantomNet in the Philippines without knowing how the malware got there. It could not determine the origin of the attack with any certainty, but previous investigations into PhantomNet appear to point the finger at China-sponsored cyber espionage groups. Beijing is the ideal suspect: Vietnam is in its economic sphere of influence, but the two countries often maintain strained relations, between the relocation of Western companies affected by American sanctions and a territorial conflict in the South China Sea.