The investigation showed that the MonPass public webserver was hacked eight times.
Hackers hacked into the server of one of the largest certification authorities in Mongolia, MonPass, and implemented a backdoor into the official client for installing certificates. According to Avast, the backdoor was in the application from February 8 to March 3 this year.
The investigation showed that the MonPass public webserver was hacked eight times, as indicated by eight different web shells and backdoors found by experts. According to them, the attackers’ goal was to infect computers in Mongolia with malware.
Despite having access to the compromised MonPass server, the Avast team was unable to determine exactly which group was involved in the hack. MonPass representatives did not comment on the findings of the experts in any way, but, apparently, the company “cleaned” the server and informed the users who downloaded the malicious client about the incident.
Catch up on more articles here
Follow us on Twitter here