Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Digital Certificates are Stolen by Groups of Cyberespionage to Sign Malware

Code-signing certificates that are stolen are used by more cyberespionage groups to make its tools of hacking as well as malware look similar as genuine applications.

The most-recent instance is of a hacker group based in China, which has initiated attacks targeting both private and government organizations from all over the world since last two years.

Researchers of Symantec exposed the activities of the group during late 2015 when they found a hacking tool that was digitally signed, and was used for attacking one of the customers of the company.

The tool, a Windows brute-force Server Message Block (SMB) scanner, was signed by digital certificate belonging to a developer of mobile software in South Korea. This immediately gave a warning of danger because a mobile software company would never sign this kind of application.

Having traced the hacking group's traffic to IP addresses in Chengdu, China, researchers of Symantec finally identified a much larger collection of custom-developed backdoors and hacking tools, which were signed by nine different certificates of nine various companies. Strangely, all nine compromised companies are found to be existing within few miles of each other in Seoul. Arstechnica.com posted on 16th March, 2016, stating that while the physical proximity is doubtful, the researchers finally guessed that thefts of certificates did not happen due to any physical attack but most likely, it happened due to the owners being infected with malware which could search and remove signing certificates.

The researchers claimed that the certificates were found to be valid at the time of its discovery during late 2015, and their lawful owners were also not aware of its theft, although few certificates are used to sign since last 2014.

Symantec has dubbed this China-based hacker group as Suckfly, which uses a custom backdoor program in addition to hacking tools, seems to have been particularly designed for cyberespionage attacks. Symantec has named this malware program as Backdoor.Nidiran.

It is obvious that digital certificates, mainly those that are used for signing code, have become important targets of cybercriminals. Hence, it is extremely vital for organizations having this kind of certificates, to keep up maintaining strong cybersecurity practices and keep them in environments that are secure.

ยป SPAMfighter News - 3/23/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page