Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
GoldenEyeDog Group Implicated in DigiCert Security Breach

GoldenEyeDog Group Implicated in DigiCert Security Breach

Posted on July 17, 2026 By CWS

In April 2026, a cybersecurity incident at DigiCert has been traced back to a cybercrime faction known as CylindricalCanine. This group is identified as a sub-division of GoldenEyeDog, a notorious Chinese cybercrime syndicate active since 2015, notorious for targeting the gambling and gaming industries with malware distributed through fake websites.

Details of the DigiCert Breach

GoldenEyeDog reportedly exploited malware to infiltrate a support member’s device at DigiCert, a provider of code-signing certificates. This breach enabled the theft of certificates intended for DigiCert clients, as analyzed by Expel’s researcher Aaron Walton. The intrusion underscores the sophistication of the malware and its operators, highlighting the vulnerabilities within digital certificate management systems.

Central to the group’s operations is the use of Golden Gh0st RAT, a modified variant of the widely deployed Gh0st RAT by Chinese hacking entities. Delivered using the Golden Gh0st Loader, this malware variant was previously reported in November 2025 by Elastic Security Labs, which detailed its distribution through the RONINGLOADER, a multi-stage loader disguising itself as legitimate software like Google Chrome.

Implications for Cybersecurity

The attack method employed by CylindricalCanine involves the misuse of code-signing certificates to sign their malware, thereby evading detection. DigiCert’s detailed report reveals that the attackers used a customer support channel to deliver a malicious payload via a disguised ZIP file, exploiting a customer-support portal function to access initialization codes necessary for obtaining EV Code Signing certificates.

This breach resulted in the revocation of 60 fraudulently obtained certificates, including those linked to other security authorities. Of particular concern were 27 certificates directly associated with the threat actor, which were used to sign malicious software like Zhong Stealer.

Long-term Cyber Threats

The strategies employed by CylindricalCanine, including the distribution of phishing emails with malicious links, emphasize the ongoing threat posed by such cybercrime groups. The group’s final attack stage involves deploying Golden Gh0st RAT, which possesses capabilities to maintain persistence, exfiltrate data, and execute additional payloads. Targeted applications include popular web browsers and communication tools, underscoring the need for enhanced security measures.

The findings highlight the growing trend of cybercriminals like CylindricalCanine, Black Basta, and others abusing code-signing certificates to further their operations. Cybersecurity firms and organizations must remain vigilant against such evolving threats to protect sensitive information and maintain trust in digital transactions.

The Hacker News Tags:APT, Asia-Pacific, certificate theft, Chinese cybercrime, code-signing certificates, cyber threat, Cybersecurity, CylindricalCanine, DigiCert breach, Expel, Gh0st RAT, GoldenEyeDog, Malware, phishing attack, Web3 security

Post navigation

Previous Post: NadMesh Botnet Exploits AI Services for Cloud Credentials
Next Post: Ransomware Disrupts Fairlife Production in U.S.

Related Posts

Enhancing Cyber Resilience with EDR and MDR Solutions Enhancing Cyber Resilience with EDR and MDR Solutions The Hacker News
Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT The Hacker News
CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center The Hacker News
Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access The Hacker News
Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain The Hacker News
Joomla JCE Vulnerability Exploited for PHP Code Execution Joomla JCE Vulnerability Exploited for PHP Code Execution The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Ransomware Disrupts Fairlife Production in U.S.
  • GoldenEyeDog Group Implicated in DigiCert Security Breach
  • NadMesh Botnet Exploits AI Services for Cloud Credentials
  • GPT-5.6 Codex: File Deletion Issue Sparks Security Concerns
  • Armenia Holds Russian Tourist in Extradition Dispute

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Ransomware Disrupts Fairlife Production in U.S.
  • GoldenEyeDog Group Implicated in DigiCert Security Breach
  • NadMesh Botnet Exploits AI Services for Cloud Credentials
  • GPT-5.6 Codex: File Deletion Issue Sparks Security Concerns
  • Armenia Holds Russian Tourist in Extradition Dispute

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark