← All stories
● Covered by 1 source Β· 1 reportHigh impact

DigiCert Breach Attributed to GoldenEyeDog Subgroup and Code-Signing Theft

Aggregated by BrevFeed security Β· updated 1h ago
πŸ”– Save

The April 2026 security incident at DigiCert has been linked to the GoldenEyeDog subgroup, CylindricalCanine, which stole code-signing certificates. This breach highlights vulnerabilities in digital certificate management and raises concerns about the integrity of software distribution.

Key points

DigiCert Incident Overview

In April 2026, a significant cybersecurity breach involving DigiCert was reported. The incident was attributed to a cybercrime group known as GoldenEyeDog, specifically a subgroup called CylindricalCanine. They accessed a support member's device and stole code-signing certificates intended for DigiCert customers.

Threat Actor Profile

GoldenEyeDog, also identified as APT-Q-27, is a Chinese cybercrime group active since 2015. They are known for their targeted attacks against the gambling and gaming sectors. This subgroup exploited malware to gain unauthorized access, showcasing their advanced capabilities.

Malware Modifications and Techniques

Central to the attack was a modified version of the Gh0st RAT, named Golden Gh0st RAT, delivered via Golden Gh0st Loader. The malware's distribution involved complex techniques such as abusing legitimate installer platforms to spread their tools.

Previous Activities and Patterns

Prior to the DigiCert breach, GoldenEyeDog was observed targeting customer support staff in Web3 companies. Their methods align with previous campaigns against finance organizations in the Asia-Pacific region. This consistency underlines the group's focus on specific industry sectors.

Significance of the Breach

The theft of code-signing certificates is particularly concerning as it can undermine the trust in software integrity, impacting many downstream users. The DigiCert compromise serves as a warning about the importance of securing digital credentials in the wake of increasingly sophisticated cyber threats.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Reporting from

The April 2026 security incident at DigiCert has been linked to the GoldenEyeDog subgroup, CylindricalCanine, which stole code-signing certificates. This breach highlights vulnerabilities in digital certificate management and raises concerns about the integrity of software distribution.