ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > Operation SignSight

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Operation SignSight

NamesOperation SignSight (ESET)
Country[Unknown]
MotivationInformation theft and espionage
First seen2020
Description(ESET) Just a few weeks after the supply-chain attack on the Able Desktop software, another similar attack occurred on the website of the Vietnam Government Certification Authority (VGCA): ca.gov.vn. The attackers modified two of the software installers available for download on this website and added a backdoor in order to compromise users of the legitimate application.

ESET researchers uncovered this new supply-chain attack in early December 2020 and notified the compromised organization and the VNCERT. We believe that the website has not been delivering compromised software installers as of the end of August 2020 and ESET telemetry data does not indicate the compromised installers being distributed anywhere else. The Vietnam Government Certification Authority confirmed that they were aware of the attack before our notification and that they notified the users who downloaded the trojanized software.
ObservedCountries: Vietnam.
Tools usedMimikatz, PhantomNet.
Information<https://www.welivesecurity.com/2020/12/17/operation-signsight-supply-chain-attack-southeast-asia/>

Last change to this card: 07 January 2021

Download this actor card in PDF or JSON format

Previous: Operation Shady RAT
Next: Operation Spalax

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key