By Interestana AI Editorial — AI-drafted, human-overseen. How we report
GoldenEyeDog Subgroup Linked to DigiCert Breach

Cybersecurity researchers have linked the April 2026 DigiCert security incident to a threat activity cluster named CylindricalCanine. Expel, a cybersecurity firm that published technical details of the breach, identified CylindricalCanine as a subgroup of GoldenEyeDog. This Chinese cybercrime group is also known by several other monikers, including APT-Q-27, Dragon Breath, and Miuuti Group. GoldenEyeDog has a history of targeting the gambling and gaming industries, employing sophisticated techniques to achieve its objectives.
The breach at DigiCert, a prominent provider of digital certificates, resulted in the theft of code-signing certificates. These certificates are crucial for verifying the authenticity and integrity of software. Their compromise can enable attackers to distribute malicious software that appears to be legitimate, thereby bypassing security measures and deceiving users. The specific methods used by CylindricalCanine to infiltrate DigiCert's systems and exfiltrate the certificates are still under detailed analysis by security experts.
Expel's analysis highlighted that the threat actor leveraged advanced tactics, techniques, and procedures (TTPs) to gain unauthorized access and execute the theft. The attribution to GoldenEyeDog's subgroup suggests a potential expansion of the group's operational scope beyond its previously identified targets. The theft of code-signing certificates poses a significant risk to the software supply chain, potentially impacting numerous downstream users and organizations that rely on DigiCert's services for software validation. The ongoing investigation aims to fully understand the extent of the compromise and to implement robust countermeasures.
Original source — read the full reporting at the publisher:
Read on The Hacker NewsGet the weekly AI digest
AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.