Cybersecurity researchers at Expel attributed the April 2026 DigiCert breach to CylindricalCanine, a subgroup operating under the GoldenEyeDog umbrella. GoldenEyeDog, tracked under multiple aliases including APT-Q-27, Dragon Breath, and Miuetti Group, operates as a Chinese cybercrime outfit with a documented history targeting gambling and gaming sectors.
The breach exposed DigiCert's code-signing certificate infrastructure. Threat actors leveraged stolen certificates to sign malware, lending false legitimacy to malicious code. This technique bypasses security controls that trust signed executables, allowing malware distribution across enterprise networks with reduced detection friction.
Code-signing certificates function as digital passports for software. When criminals obtain legitimate certificates from trusted Certificate Authorities like DigiCert, they weaponize that trust. Organizations relying on code signature validation as a security gate become vulnerable. The stolen certificates enable attackers to distribute trojans, backdoors, and other payloads that appear legitimate to Windows SmartScreen, ESET, Norton, and other endpoint security tools.
GoldenEyeDog's historical focus on gaming and gambling suggests operational interest in high-value targets within those verticals. These sectors maintain significant cryptocurrency reserves and process large transaction volumes, making them attractive for theft and extortion operations. The addition of code-signing capabilities expands the group's attack surface beyond their traditional phishing and credential-based intrusions.
Organizations using DigiCert certificates should immediately audit code-signing infrastructure and revocation lists. Security teams need to identify any suspicious signed binaries executed during the compromise window. Endpoint detection tools should flag unsigned or unusually-signed executables as high-priority alerts. DigiCert issued revocation notices for compromised certificates, but legacy systems may still trust outdated certificate chains
