Cyberespionage Group Steals Certificates to Sign Malware

A cyberespionage group has stolen code-signing certificates from D-Link and another Taiwanese technology company and used them to sign a backdoor program.

BlackTech is a group of attackers known for targeting organizations in East Asia, particularly in Japan, Taiwan and Hong Kong. According to an analysis last year by researchers from Trend Micro, the group might be responsible for cyberespionage campaigns dating back to at least 2010, and its goal is to steal the technology of its victims.

BlackTech’s toolset includes a backdoor program dubbed Plead and a file exfiltration tool called Drigo. Plead allows attackers to harvest

... read more at: https://securityboulevard.com/2018/07/cyberespionage-group-steals-certificates-to-sign-malware/