Chinese Hacking Group APT41 Attacks 100+ Companies Across The Globe – Expert Source/Comments

On Wednesday, September 16th, the Department of Justice announced that Chinese hackers from a group called APT41 hacked into at least 100 companies in the U.S and worldwide. The series of attacks involved the theft and abuse of code-signing certificates – yet another textbook example of the need to protect and manage keys and certificates, especially those used to sign code.


EXPERTS COMMENTS
Chris Hickman, Chief Security Officer,  Keyfactor
September 18, 2020
Very few organizations have any idea of the number of code signing certificate that are in use.
All too often, code signing certificates are treated as an inconvenient requirement of building software and not given the necessary care and security controls. Code signing keys are usually kept on build machines or developer computers with no additional security or controls to protect them. If the machine can be accessed by stolen or hijacked credentials, the keys can be removed from that machin ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article