Was DigiNotar’s PKIoverheid CA breached too?

Earlier this week DigiNotar said another audit would be performed and the results of this audit would be made public.

One of the big questions is whether the government CA branch – called DigiNotar PKIoverheid – has also been compromised.

Seemingly in preparation for these results, the Dutch government has sent an email to users who have been issued a certificate via the DigiNotar PKIoverheid CA. All of these companies and services are tied to the government or to public services.

Pending the results of this audit, the Dutch government is asking PKIoverheid certificate owners to do the following:

– List the PKIoverheid certificates in the organisation.

– List the processes for which these certificates are being used.

– List the consequences in case the PKIoverheid certificates can no longer be trusted.

I think it would be wise at this point for the affected browser makers to start preparing an update which will also denylist DigiNotar’s PKIoverheid CA. Pending the outcome of the audit, of course.

A lot of Dutch government sites and services are going to be affected by the revocation. Clean-up is going to be painful.

The Dutch government has used DigiNotar as an intermediary CA in quite a lot of cases. The Dutch government actually has a root CA of its own, which could be leveraged to quickly issue new certificates for the affected services.

I hope it’s truly clear now that the Dutch government needs to distance itself from DigiNotar.

Previous blog entries on this matter:

– More on DigiNotar

– The bigger issue with the rogue Google SSL cert
