New Study on Code Signing Certificates as Supply Chain Attack Targets

November 18, 2021 | Alexa Hernandez

APT41 is a state-backed Chinese hacking group, also known as the Winnti Group. What sets it apart from similar threat groups is that it uses malware generally associated with espionage for financial gain. How? APT41 targets vulnerable code signing keys and certificates to steal money, data, and more. New Venafi research dives deep into which industries are being targeted, how these attacks are carried out, and more.

How is APT41 launching supply chain attacks?

APT41’s most frequent method of attack is to compromise the supply chain using compromised code signing certificates. As Venafi Threat Intelligence Specialist Yana Blachman explains, such certificates “allow malicious code to appear authentic and evade security controls. The success of attacks using this model over the last decade has created a blueprint for sophisticated attacks that have been highly successful because they are very difficult to detect.”

One tactic APT41 continues to employ is compromising the supply chain of a major commercial vendor, as this essentially grants them an entire pool of companies they can choose to attack at their leisure. After infecting their chosen targets with secondary malware, APT41 uses stolen credentials to move laterally across their networks, stealing intellectual property, sensitive customer data, and more.

Kevin Bocek, Venafi Vice President of Security Strategy and Threat Intelligence, notes that today’s attackers are “disciplined, highly skilled software developers, using the same tools and techniques as the good guys”. “They recognize that vulnerabilities in the software build environment are easy to exploit, and they’ve spent years developing, testing and refining the tools needed to steal code signing machine identities. This research should set off alarms with every executive and board because every business today is a software developer. We need to get a lot more serious about protecting code signing machine identities.”

At the heart of this scheme are stolen code signing machine identities, without which gaining unauthorized network access would be impossible. APT41 is managing a library of stolen or purchased code signing keys and certificates, and selling them for up to $1,200 each on the dark web.

How can you protect your machine identities?

One consequence of these attacks that must be considered is the potential for copycats. The success APT41 has had targeting code signing certificates means that other threat groups will inevitably seek financial gain using that same method. What does this mean for you?

Your security team needs to do a complete overhaul of all machine identity protection strategies to identify and correct any vulnerabilities, particularly around code signing certificates. Yana Blachman urges all software providers to “be aware of this threat and take steps to protect their software development environments.”

Venafi CodeSign Protect is an all-in-one machine identity management solution for your code signing keys and certificates. Insecure private keys, rogue software teams, and lack of policy enforcement will soon be a thing of the past as you kickstart your digital transformation. Information is power, and an in-depth understanding of the latest code signing compromise techniques could be what saves your network from a financially devastating cyber-attack.

Download the free whitepaper to learn more about protecting your code signing machine identities from supply chain attacks!

About the author

Alexa Hernandez

Alexa is the Web Marketing Specialist at Venafi.