Security News > 2023 > February > Emsisoft says hackers are spoofing its certs to breach networks
A hacker is using fake code-signing certificates impersonating cybersecurity firm Emsisoft to target customers using its security products, hoping to bypass their defenses.
In a new security advisory, Emsisoft warned that one of its customers was targeted by hackers using an executable signed by a spoofed Emsisoft certificate.
"We recently observed an incident in which a fake code-signing certificate supposedly belonging to Emsisoft was used in an attempt to obfuscate a targeted attack against one of our customers," said Emsisoft in the security advisory.
Emsisoft says the threat actor likely gained initial access to the compromised device via brute-forcing RDP or using stolen credentials belonging to an employee of the targeted organization.
This MeshCentral executable was signed with a fake Emsisoft certificate claiming to be from "Emsisoft Server Trusted Network CA.".
While Emsisoft did not share details on the executable, BleepingComputer discovered it was named 'smsse.
News URL
Related news
- Orange Group confirms breach after hacker leaks company documents (source)
- Silk Typhoon hackers now target IT supply chains to breach networks (source)
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom (source)
- Oracle denies breach after hacker claims theft of 6 million data records (source)
- Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years (source)
- StreamElements discloses third-party data breach after hacker leaks data (source)
- Hackers lurked in Treasury OCC’s systems since June 2023 breach (source)