Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
GoldenEyeDog Group Implicated in DigiCert Security Breach

GoldenEyeDog Group Implicated in DigiCert Security Breach

Posted on July 17, 2026 By CWS

In April 2026, a cybersecurity incident at DigiCert has been traced back to a cybercrime faction known as CylindricalCanine. This group is identified as a sub-division of GoldenEyeDog, a notorious Chinese cybercrime syndicate active since 2015, notorious for targeting the gambling and gaming industries with malware distributed through fake websites.

Details of the DigiCert Breach

GoldenEyeDog reportedly exploited malware to infiltrate a support member’s device at DigiCert, a provider of code-signing certificates. This breach enabled the theft of certificates intended for DigiCert clients, as analyzed by Expel’s researcher Aaron Walton. The intrusion underscores the sophistication of the malware and its operators, highlighting the vulnerabilities within digital certificate management systems.

Central to the group’s operations is the use of Golden Gh0st RAT, a modified variant of the widely deployed Gh0st RAT by Chinese hacking entities. Delivered using the Golden Gh0st Loader, this malware variant was previously reported in November 2025 by Elastic Security Labs, which detailed its distribution through the RONINGLOADER, a multi-stage loader disguising itself as legitimate software like Google Chrome.

Implications for Cybersecurity

The attack method employed by CylindricalCanine involves the misuse of code-signing certificates to sign their malware, thereby evading detection. DigiCert’s detailed report reveals that the attackers used a customer support channel to deliver a malicious payload via a disguised ZIP file, exploiting a customer-support portal function to access initialization codes necessary for obtaining EV Code Signing certificates.

This breach resulted in the revocation of 60 fraudulently obtained certificates, including those linked to other security authorities. Of particular concern were 27 certificates directly associated with the threat actor, which were used to sign malicious software like Zhong Stealer.

Long-term Cyber Threats

The strategies employed by CylindricalCanine, including the distribution of phishing emails with malicious links, emphasize the ongoing threat posed by such cybercrime groups. The group’s final attack stage involves deploying Golden Gh0st RAT, which possesses capabilities to maintain persistence, exfiltrate data, and execute additional payloads. Targeted applications include popular web browsers and communication tools, underscoring the need for enhanced security measures.

The findings highlight the growing trend of cybercriminals like CylindricalCanine, Black Basta, and others abusing code-signing certificates to further their operations. Cybersecurity firms and organizations must remain vigilant against such evolving threats to protect sensitive information and maintain trust in digital transactions.

The Hacker News Tags:APT, Asia-Pacific, certificate theft, Chinese cybercrime, code-signing certificates, cyber threat, Cybersecurity, CylindricalCanine, DigiCert breach, Expel, Gh0st RAT, GoldenEyeDog, Malware, phishing attack, Web3 security

Post navigation

Previous Post: NadMesh Botnet Exploits AI Services for Cloud Credentials
Next Post: Ransomware Disrupts Fairlife Production in U.S.

Related Posts

Global Crackdown on SocGholish Malware Cleans Thousands of Sites Global Crackdown on SocGholish Malware Cleans Thousands of Sites The Hacker News
GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets The Hacker News
Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks The Hacker News
Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers The Hacker News
New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains The Hacker News
Grinex Exchange Halts After .74M Cyber Heist Linked to Intelligence Grinex Exchange Halts After $13.74M Cyber Heist Linked to Intelligence The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • EY Faces Data Breach: IT System Compromised
  • Malicious Vite npm Packages Exploit Blockchain for Cyberattack
  • Ransomware Disrupts Fairlife Production in U.S.
  • GoldenEyeDog Group Implicated in DigiCert Security Breach
  • NadMesh Botnet Exploits AI Services for Cloud Credentials

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • EY Faces Data Breach: IT System Compromised
  • Malicious Vite npm Packages Exploit Blockchain for Cyberattack
  • Ransomware Disrupts Fairlife Production in U.S.
  • GoldenEyeDog Group Implicated in DigiCert Security Breach
  • NadMesh Botnet Exploits AI Services for Cloud Credentials

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark