Security News > 2023 > February > Emsisoft says hackers are spoofing its certs to breach networks
A hacker is using fake code-signing certificates impersonating cybersecurity firm Emsisoft to target customers using its security products, hoping to bypass their defenses.
In a new security advisory, Emsisoft warned that one of its customers was targeted by hackers using an executable signed by a spoofed Emsisoft certificate.
"We recently observed an incident in which a fake code-signing certificate supposedly belonging to Emsisoft was used in an attempt to obfuscate a targeted attack against one of our customers," said Emsisoft in the security advisory.
Emsisoft says the threat actor likely gained initial access to the compromised device via brute-forcing RDP or using stolen credentials belonging to an employee of the targeted organization.
This MeshCentral executable was signed with a fake Emsisoft certificate claiming to be from "Emsisoft Server Trusted Network CA.".
While Emsisoft did not share details on the executable, BleepingComputer discovered it was named 'smsse.
News URL
Related news
- HPE investigates breach as hacker claims to steal source code (source)
- CISA: Hackers still exploiting older Ivanti bugs to breach networks (source)
- Hackers exploiting flaws in SimpleHelp RMM to breach networks (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- Orange Group confirms breach after hacker leaks company documents (source)