By April 17, the company identified and revoked 60 certificates associated with the incident, including 27 explicitly linked to the threat actor. Of these, 11 were reported by the community and were used to sign theZhong Stealermalware family, DigiCert says.“In our investigation, we did not find evidence that the threat actor misused other internal systems other than the Code Signing initialization codes within specific accounts,” the company says.DigiCert says that all certificates potentially linked to this activity were revoked by April 17, and pending orders were canceled to close the attackers’ access.Additionally, the company improved its security and access controls to enforce multi-factor authentication for administrative workflows, prevent access to initialization codes from proxied support users, restrict the file types that can be sent using support chat and Salesforce case attachments, and improve logging.Related:Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak ThreatsRelated:Over 40,000 Servers Compromised in Ongoing cPanel ExploitationRelated:FBI Warns of Surge in Hacker-Enabled Cargo TheftRelated:Two US Security Experts Sentenced to Prison for Helping Ransomware Gang
“In our investigation, we did not find evidence that the threat actor misused other internal systems other than the Code Signing initialization codes within specific accounts,” the company says.DigiCert says that all certificates potentially linked to this activity were revoked by April 17, and pending orders were canceled to close the attackers’ access.Additionally, the company improved its security and access controls to enforce multi-factor authentication for administrative workflows, prevent access to initialization codes from proxied support users, restrict the file types that can be sent using support chat and Salesforce case attachments, and improve logging.Related:Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak ThreatsRelated:Over 40,000 Servers Compromised in Ongoing cPanel ExploitationRelated:FBI Warns of Surge in Hacker-Enabled Cargo TheftRelated:Two US Security Experts Sentenced to Prison for Helping Ransomware Gang
DigiCert says that all certificates potentially linked to this activity were revoked by April 17, and pending orders were canceled to close the attackers’ access.Additionally, the company improved its security and access controls to enforce multi-factor authentication for administrative workflows, prevent access to initialization codes from proxied support users, restrict the file types that can be sent using support chat and Salesforce case attachments, and improve logging.Related:Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak ThreatsRelated:Over 40,000 Servers Compromised in Ongoing cPanel ExploitationRelated:FBI Warns of Surge in Hacker-Enabled Cargo TheftRelated:Two US Security Experts Sentenced to Prison for Helping Ransomware Gang
Additionally, the company improved its security and access controls to enforce multi-factor authentication for administrative workflows, prevent access to initialization codes from proxied support users, restrict the file types that can be sent using support chat and Salesforce case attachments, and improve logging.Related:Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak ThreatsRelated:Over 40,000 Servers Compromised in Ongoing cPanel ExploitationRelated:FBI Warns of Surge in Hacker-Enabled Cargo TheftRelated:Two US Security Experts Sentenced to Prison for Helping Ransomware Gang
Related:Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak ThreatsRelated:Over 40,000 Servers Compromised in Ongoing cPanel ExploitationRelated:FBI Warns of Surge in Hacker-Enabled Cargo TheftRelated:Two US Security Experts Sentenced to Prison for Helping Ransomware Gang
Related:Over 40,000 Servers Compromised in Ongoing cPanel ExploitationRelated:FBI Warns of Surge in Hacker-Enabled Cargo TheftRelated:Two US Security Experts Sentenced to Prison for Helping Ransomware Gang
Related:FBI Warns of Surge in Hacker-Enabled Cargo TheftRelated:Two US Security Experts Sentenced to Prison for Helping Ransomware Gang
Related:Two US Security Experts Sentenced to Prison for Helping Ransomware Gang
Ionut Arghire is an international correspondent for SecurityWeek.
With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment.
Source: SecurityWeek
