Cyberespionage groups are stealing digital certificates to sign malware

An increasing number of cyberespionage groups are using stolen code-signing certificates to make their hacking tools and malware look like legitimate applications.

The latest example is a China-based hacker group that has launched targeted attacks against government and commercial organizations from around the world over the past two years.

The group’s activities were uncovered by researchers from Symantec in late 2015 when they detected a digitally signed hacking tool that was used in an attack against one of the company’s customers.

The tool, a Windows brute-force Server Message Block (SMB) scanner, was signed with a digital certificate that belonged to a South Korean mobile software developer. This immediately raised red flags, as a mobile software company would have no reason to sign such an application.


Story added 16 March 2016.