Threat Intelligence · Apr 11, 2026

And it was only 2 days ago when I told @SquiblydooBlog about a sample from this APT-Q-27 actors t...

APT-Q-27 malware sample signed with DigiCert certificate issued to Swiss software company.

Summary

A threat researcher discovered that APT-Q-27 actors have been using malware samples signed with legitimate DigiCert certificates issued to Brunner Informatik AG, a small Swiss software company founded in 1985. This indicates potential compromise of the company's code-signing credentials or misuse of legitimately issued certificates to evade detection. The discovery was made just days after the researcher had previously reported on related APT-Q-27 activity.

Indicators of Compromise

  • malware — APT-Q-27 malware samples

Entities

  • APT-Q-27 (threat_actor)
  • DigiCert (vendor)
  • Brunner Informatik AG (vendor)
  • Code Signing Certificates (technology)