Skip to main content

Tag: code signing certificates

4 articles

Security analysts examine a laptop screen in a brightly-lit security operations center with rows of computer servers in the…

GoldenEyeDog Exploits DigiCert Breach for Code-Signing Certificates

In a chilling example of malware mastery, the GoldenEyeDog group exploited a DigiCert breach to snag code-signing certificates, which they then used to cloak their malicious software in a veneer of legitimacy. This brazen heist highlights the group's cunning and capabilities, which have been under scrutiny since at least 2015.

Analyst 207
Law enforcement officials in a secure facility render code-signing credentials invalid.

Microsoft Disrupts Cybercrime Service Selling Code-Signing Certificates to Ransomware Gangs

Microsoft has disrupted a notorious cybercrime operation, dubbed Fox Tempest, that sold code-signing certificates to ransomware gangs, allowing them to disguise malware as legitimate Windows software. The operation, which created over 580 fake Microsoft accounts, has been linked to two individuals, John Doe 1 and John Doe 2, who allegedly traded in real, Microsoft-issued code-signing credentials.

Analyst 207
Brightly-lit server rack in a cybersecurity operations center against a mid-tone background.

Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs

Microsoft cracked down on a notorious malware-signing service used by ransomware gangs, disrupting the operations of Fox Tempest, a financially motivated group that generated millions of dollars in profits by selling trust to cybercriminals. The group had created over 1,000 code-signing certificates and hundreds of Azure tenants to support its industrial-scale scheme.

Analyst 207
Cluttered software development workstation with laptop, monitor, and papers in an office environment.

OpenAI Breach Exposes Code-Signing Certificates in TanStack Supply Chain Attack

OpenAI revealed that two employee devices were compromised in a recent TanStack supply-chain attack, but fortunately, customer data, production systems, and intellectual property remained safe. The breach was limited to a small set of internal source code repositories and credentials.

Analyst 207