Researchers Say China State-backed Hackers Breached a Digital Certificate Authority
A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies located in different countries in Asia, as part of a campaign that has been ongoing since at least March 2022.
Symantec, by Broadcom Software, linked the attacks to an adversarial group it tracks under the name Billbug, citing the use of tools previously attributed to this actor.
"The targeting of a certificate authority is notable, as if the attackers were able to successfully compromise it to access certificates they could potentially use them to sign malware with a valid certificate, and help it avoid detection on victim machines," Symantec researchers said in a report shared with The Hacker News.
The cybersecurity company noted that there is no evidence to indicate that Billbug was successful in compromising the digital certificates.
An analysis of the latest wave of attacks indicates that initial access is likely obtained through the exploitation of internet-facing applications, after which the group employs a combination of bespoke and living-off-the-land tools to meet its operational goals.
"The ability of this actor to compromise multiple victims at once indicates that this threat group remains a skilled and well-resourced operator that is capable of carrying out sustained and wide-ranging campaigns," the researchers concluded.
News URL
https://thehackernews.com/2022/11/researchers-say-china-state-backed.html