A lesser-known cyber-espionage group called BlackTech was caught earlier this month using a stolen D-Link certificate to sign malware deployed in a recent campaign.
“The exact same certificate had been used to sign [official] D-Link software; therefore, the certificate was likely stolen,” says Anton Cherepanov, a security researcher for Slovak antivirus company ESET, and the one who discovered the stolen cert.
D-Link cert used to sign PLEAD malware samples
According to a 2017 Trend Micro report, the BlackTech group has used the PLEAD malware in the past. Just like in previous attacks, the group’s targets for these most recent attacks were again located in East Asia, particularly in Taiwan.