A state-sponsored group alleged to be in China attacked an Asian country’s certificate authority and several Asian government agencies.

A group allegedly backed by China has attacked a certificate authority in Asia, as well as multiple government agencies within the region since March, according to a new report from Symantec.

The researchers pointed the blame at a group dubbed Billbug, an advanced persistent threat group (APT) active since at least 2009. Other researchers have identified the group as Lotus Blossom and Thrip.

Symantec Threat Hunter Team Senior Intelligence Analyst Brigid Gorman told The Record that the attack on the certificate authority was especially alarming. If the attackers were successful in compromising it, they could use their access certificates to sign malware with a valid certificate that would allow them to avoid detection on devices.

“It could also potentially use compromised certificates to intercept HTTPS traffic,” Gorman said.

netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere. ‎


  1. Follow the golden rule, do unto others as you would have done unto you
  2. Smut, Porn, Gore etc. will result in Ban without warning
  3. No Spamming, Trolling or Unsolicited Ads (There are marketplaces in matrix and telegram you can use)
  4. Stay on topic in a community. If you would like a new community made, reach out to an admin and the creation of a net new community can be discussed.
  • 0 users online
  • 1 user / day
  • 2 users / week
  • 3 users / month
  • 3 users / 6 months
  • 20 subscribers
  • 21 Posts
  • 1 Comment
  • Modlog