The DigiCert Breach That Exposed a Hidden Chinese Hacker Subgroup

·
Listen to this article~4 min
The DigiCert Breach That Exposed a Hidden Chinese Hacker Subgroup

Cybersecurity researchers trace the April 2026 DigiCert breach to CylindricalCanine, a subgroup of Chinese cybercrime group GoldenEyeDog. Learn how code-signing certificate theft threatens internet trust.

Cybersecurity researchers have linked the April 2026 DigiCert security incident to a new threat activity cluster they're calling CylindricalCanine. This isn't just another data breach story—it's a peek into how sophisticated cybercrime groups operate behind the scenes. Expel, the security firm that shared the technical details, says CylindricalCanine is actually a sub-group of GoldenEyeDog. You might know GoldenEyeDog by other names like APT-Q-27, Dragon Breath, or Miuuti Group. They're a Chinese cybercrime outfit that's been around for a while, mostly targeting the gambling and gaming industries. ### What Actually Happened at DigiCert? DigiCert is one of the biggest certificate authorities in the world. They issue digital certificates that websites and software use to prove they're legitimate. Think of it like a digital ID card for the internet. When a breach like this happens, the attackers can steal code-signing certificates—basically getting keys to the kingdom. With those certificates, hackers can make their malware look like it came from trusted companies like Microsoft or Google. That's why this breach is such a big deal. It's not just about stolen data; it's about weaponizing trust. ### Who Is GoldenEyeDog? GoldenEyeDog has been active for years, but they're not as famous as some other Chinese threat groups. They focus on: - Targeting online gambling platforms to steal money and user data - Infiltrating gaming companies to grab source code and payment info - Using custom malware that's hard to detect They're known for being patient and methodical. They don't just smash and grab—they set up long-term access inside networks. ### Why CylindricalCanine Matters This sub-group appears to be more specialized. Instead of going after gambling sites, they went after the infrastructure that everyone trusts. It's like robbing the bank that holds all the other banks' money. "This is a significant escalation," says Emily Davis, Head of Digital Privacy at Antidetectbrowsershub. "When certificate authorities get compromised, the entire internet's trust model is at risk. We're talking about potential man-in-the-middle attacks on a massive scale." ### What This Means for You If you're running a business that relies on code-signing or SSL certificates, this should be a wake-up call. Here's what you can do: - Monitor your certificate inventory closely - Revoke and reissue any certificates that might have been compromised - Use multi-factor authentication for your certificate management systems - Consider using antidetect browsers for sensitive operations to reduce your digital fingerprint ### The Bigger Picture This breach shows that cybercriminals are getting more creative. They're not just breaking into companies anymore—they're breaking into the companies that validate trust for everyone else. The attack on DigiCert might be just the beginning of a larger trend. As Davis puts it: "We're seeing threat actors move upstream. Instead of attacking individual targets, they're attacking the infrastructure that those targets rely on. It's a smarter, more dangerous approach." Stay vigilant, keep your systems updated, and don't assume that any certificate is safe just because it came from a trusted authority.