Hackers Using Stolen D-Link Certificates for Malware Signing

Discussion in '0-day Release' started by silversurfer, Jul 9, 2018.

  1. silversurfer


    A cyber-espionage group is abusing code-signing certificates stolen from Taiwan-based companies for the distribution of their backdoor, ESET reports.

    The group, referred to as BlackTech, appears highly skilled and focused on the East Asia region, particularly Taiwan. The certificates, stolen from D-Link and security company Changing Information Technology Inc., have been used to sign the Plead backdoor, ESET's security researchers say.

    The Plead campaign is believed to have been active since at least 2012, often focused on confidential documents and mainly targeting Taiwanese government agencies and private organizations.

    Evidence of the fact that the D-Link certificate was stolen comes from the fact that it was used to sign non-malicious D-Link software, not only the Plead malware, ESET explains.

    After being informed of the misuse of its certificate, D-Link revoked it, along with a second certificate, on July 3. In an advisory, the company said that most of its customers should not be affected by the revocation.

    Full Article: https://www.securityweek.com/hackers-using-stolen-d-link-certificates-malware-signing
     