The April 2026 security incident at DigiCert has been linked to the GoldenEyeDog subgroup, CylindricalCanine, which stole code-signing certificates. This breach highlights vulnerabilities in digital certificate management and raises concerns about the integrity of software distribution.
In April 2026, a significant cybersecurity breach involving DigiCert was reported. The incident was attributed to a cybercrime group known as GoldenEyeDog, specifically a subgroup called CylindricalCanine. They accessed a support member's device and stole code-signing certificates intended for DigiCert customers.
GoldenEyeDog, also identified as APT-Q-27, is a Chinese cybercrime group active since 2015. They are known for their targeted attacks against the gambling and gaming sectors. This subgroup exploited malware to gain unauthorized access, showcasing their advanced capabilities.
Central to the attack was a modified version of the Gh0st RAT, named Golden Gh0st RAT, delivered via Golden Gh0st Loader. The malware's distribution involved complex techniques such as abusing legitimate installer platforms to spread their tools.
Prior to the DigiCert breach, GoldenEyeDog was observed targeting customer support staff in Web3 companies. Their methods align with previous campaigns against finance organizations in the Asia-Pacific region. This consistency underlines the group's focus on specific industry sectors.
The theft of code-signing certificates is particularly concerning as it can undermine the trust in software integrity, impacting many downstream users. The DigiCert compromise serves as a warning about the importance of securing digital credentials in the wake of increasingly sophisticated cyber threats.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
The April 2026 security incident at DigiCert has been linked to the GoldenEyeDog subgroup, CylindricalCanine, which stole code-signing certificates. This breach highlights vulnerabilities in digital certificate management and raises concerns about the integrity of software distribution.