GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft
Summary
Cybersecurity researchers have linked the April 2026 DigiCert security incident to a threat group named CylindricalCanine. This group is identified as a subgroup of GoldenEyeDog, a Chinese cybercrime entity previously associated with targeting the gambling and gaming industries.
IFF Assessment
This is bad news for defenders as it reveals a sophisticated threat actor targeting a critical infrastructure provider like DigiCert, resulting in the theft of code-signing certificates.
Defender Context
The compromise of DigiCert and the theft of code-signing certificates is a significant concern for defenders. This incident highlights the risks associated with supply chain attacks, as stolen certificates can be used to sign malicious software, making it appear legitimate and bypass security controls. Defenders should remain vigilant about software provenance and implement strict controls on accepting signed binaries from untrusted sources.