A subgroup of the Chinese cybercrime group GoldenEyeDog has been linked to the April 2026 security incident at DigiCert, a prominent certificate authority. This subgroup, known as CylindricalCanine, was identified by researchers at Expel, who provided technical details of the breach. The attack resulted in the theft of code-signing certificates, which could be used to sign malicious software and make it appear legitimate. The GoldenEyeDog group, also known as APT-Q-27, Dragon Breath, and Miuuti Group, is known for targeting the gaming and gambling sectors. The fact that a state-aligned threat actor is involved in this breach raises the stakes, with implications extending beyond the immediate target1. This incident highlights the need for organizations to be vigilant about the potential for state-sponsored attacks, which can have significant geopolitical consequences.
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft
⚡ High Priority
Why This Matters
State-aligned threat activity raises the calculus from criminal to geopolitical — implications extend beyond the immediate target.
References
- The Hacker News. (2026, July 17). GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft. *The Hacker News*. https://thehackernews.com/2026/07/goldeneyedog-subgroup-linked-to.html
Original Source
The Hacker News
Read original →