This is not the first time Myanmar has dealt with a watering hole attack. The previous incidents occurred in November 2014 and May 2015 where Evilgrab was delivered through the President’s website, but this current attack appears unrelated. Detecting modifications to websites like this can be mitigated in many ways, one of which is file and website integrity monitoring. Taking a SHA-256 hash of the original site or template and performing routine or automated checks against the site can help set off alerts when any changes are made – comparing the detected changes to authorized and expected alterations of the site can lead to discovery of threats. Depending on how often a website is updated, this approach may or not be feasible. Another important consideration for website security is to publish a way to contact the website owner about security issues. Quite often, website problems are first spotted by a security researcher, and unless there is a clear way to communicate the issue to the website owner, the problem might go unreported.

https://therecord.media/backdoor-malware-found-on-the-myanmar-presidents-website-again/

https://www.virustotal.com/gui/file/5009f65e7a8d84a9955d5adbdb86107b15304b1061bdaba5dd2ac2293dd8e6cb/summary

#ESETresearch uncovered a supply chain attack on the Myanmar president office website (https://t.co/r75dOHVwpU[.]mm). Attackers trojanized an archive containing fonts available for download on the homepage. 1/7 pic.twitter.com/BtvuXBO4Tw

— ESET research (@ESETresearch) June 2, 2021