A cyberespionage group has stolen code-signing certificates from D-Link and another Taiwanese technology company and used them to sign a backdoor program.
BlackTech is a group of attackers known for targeting organizations in East Asia, particularly in Japan, Taiwan and Hong Kong. According to an analysis last year by researchers from Trend Micro, the group might be responsible for cyberespionage campaigns dating back to at least 2010, and its goal is to steal the technology of its victims.
BlackTech’s toolset includes a backdoor program dubbed Plead and a file exfiltration tool called Drigo. Plead allows attackers to harvest
... read more at: https://securityboulevard.com/2018/07/cyberespionage-group-steals-certificates-to-sign-malware/