BlackTech threat group steals D-Link certificates to spread backdoor malware

Researchers have uncovered a new malicious campaign that uses stolen D-Link certificates to sign malware. A team from cybersecurity firm ESET said the campaign was spotted when the company's systems marked several files as malicious. The files drew the researchers' interest because they were digitally signed with a legitimate D-Link code-signing certificate.

Certificates are issued to ascertain the legitimacy — and safety — of files and software. However, if a threat actor manages to steal one, they can then sign malicious software to make it appear legitimate and to circumvent standard cybersecurity protection solutions.

Read more about the campaign, which is believed to be the work of BlackTech, an advanced persistent threat (APT) group that focuses on targets in Asia, on TechRepublic.
