{
	"id": "b1762c42-8023-4f8b-b82f-e7ae79f6fbbb",
	"created_at": "2026-04-06T00:14:25.106278Z",
	"updated_at": "2026-04-10T03:23:54.954785Z",
	"deleted_at": null,
	"sha1_hash": "1e92d9c3a4e40ea87670f052e5623ade075778d3",
	"title": "Operation SignSight - Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43084,
	"plain_text": "Operation SignSight - Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 13:25:45 UTC\nAPT group: Operation SignSight\nNames: Operation SignSight (ESET)\nCountry: [Unknown]\nMotivation: Information theft and espionage\nFirst seen: 2020\nDescription\n(ESET) Just a few weeks after the supply-chain attack on the Able Desktop software, another similar attack occurred on the website of the Vietnam Government Certification Authority (VGCA): ca.gov.vn. The attackers modified two of the software installers available for download on this website and added a backdoor in order to compromise users of the legitimate application.\nESET researchers uncovered this new supply-chain attack in early December 2020 and notified the compromised organization and the VNCERT. We believe that the website has not been delivering compromised software installers as of the end of August 2020 and ESET telemetry data does not indicate the compromised installers being distributed anywhere else.\nThe Vietnam Government Certification Authority confirmed that they were aware of the attack before our notification and that they notified the users who downloaded the trojanized software.\nObserved Countries: Vietnam.\nTools used: Mimikatz, PhantomNet.\nInformation\nLast change to this card: 07 January 2021\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=e8cfaf96-906e-42f6-a677-da2aee6b662d",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=e8cfaf96-906e-42f6-a677-da2aee6b662d"
	],
	"report_names": [
		"showcard.cgi?u=e8cfaf96-906e-42f6-a677-da2aee6b662d"
	],
	"threat_actors": [
		{
			"id": "bbdb2d7d-4bf4-4100-a108-f4742cfd69ff",
			"created_at": "2022-10-25T16:07:24.01101Z",
			"updated_at": "2026-04-10T02:00:04.836112Z",
			"deleted_at": null,
			"main_name": "Operation SignSight",
			"aliases": [],
			"source_name": "ETDA:Operation SignSight",
			"tools": [
				"Mimikatz",
				"PhantomNet",
				"SManager"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434465,
	"ts_updated_at": 1775791434,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1e92d9c3a4e40ea87670f052e5623ade075778d3.pdf",
		"text": "https://archive.orkl.eu/1e92d9c3a4e40ea87670f052e5623ade075778d3.txt",
		"img": "https://archive.orkl.eu/1e92d9c3a4e40ea87670f052e5623ade075778d3.jpg"
	}
}