A group allegedly backed by China has attacked a certificate authority in Asia, as well as multiple government agencies within the region since March, according to a new report from Symantec.
The researchers pointed the blame at a group dubbed Billbug, an advanced persistent threat group (APT) active since at least 2009. Other researchers have identified the group as Lotus Blossom and Thrip.
Symantec Threat Hunter Team Senior Intelligence Analyst Brigid Gorman told The Record that the attack on the certificate authority was especially alarming. If the attackers were successful in compromising it, they could use their access to certificates to sign malware with a valid certificate that would allow them to avoid detection on devices.
“It could also potentially use compromised certificates to intercept HTTPS traffic,” Gorman said.