Mongolian Certificate Authority Hacked to Distribute Backdoored CA Software

In yet another instance of software supply chain attack, unidentified hackers breached the website of MonPass, one of Mongolia’s major certificate authorities, to backdoor its installer software with Cobalt Strike binaries.
The trojanized client was available for download between February 8, 2021, and March 3, 2021, said Czech cybersecurity software company Avast in a report published Thursday.