BlackTech APT Steals D-Link Cert for Cyber-Espionage Campaign

Stolen certs

A lesser-known cyber-espionage group known as BlackTech has been caught earlier this month using a stolen D-Link certificate to sign malware deployed in a recent campaign.

“The exact same certificate had been used to sign [official] D-Link software; therefore, the certificate was likely stolen,” says Anton Cherepanov, a security researcher for Slovak antivirus company ESET, and the one who discovered the stolen cert.

D-Link cert used to sign PLEAD malware samples

Cherepanov says BlackTech operators used the stolen cert to sign two malware payloads —the first is the PLEAD backdoor, while the second is a nondescript password stealer.

According to a 2017 Trend Micro report, the BlackTech group has used the PLEAD malware in the past. Just like in previous attacks, the group’s targets for these most recent attacks were again located in East Asia, particularly in Taiwan.

The password

... read more at: