Researchers Say China State-backed Hackers Breached a Digital Certificate Authority
2022-11-15 11:03

A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies located in different countries in Asia, as part of a campaign that has been ongoing since at least March 2022.

Symantec, by Broadcom Software, linked the attacks to an adversarial group it tracks under the name Billbug, citing the use of tools previously attributed to this actor.

"The targeting of a certificate authority is notable, as if the attackers were able to successfully compromise it to access certificates they could potentially use them to sign malware with a valid certificate, and help it avoid detection on victim machines," Symantec researchers said in a report shared with The Hacker News.

The cybersecurity company noted that there is no evidence to indicate that Billbug was successful in compromising the digital certificates.

An analysis of the latest wave of attacks indicates that initial access is likely obtained through the exploitation of internet-facing applications, after which the group employs a combination of bespoke and living-off-the-land tools to meet its operational goals.

"The ability of this actor to compromise multiple victims at once indicates that this threat group remains a skilled and well-resourced operator that is capable of carrying out sustained and wide-ranging campaigns," the researchers concluded.


News URL

https://thehackernews.com/2022/11/researchers-say-china-state-backed.html