Case Study: Leading International Materials Manufacturer achieves rapid detection and remediation of crimeware signed with a stolen software signing certificate with Red Canary

A Red Canary Case Study

Detecting Crimeware with a Stolen Software Signing Certificate

Leading International Materials Manufacturer faced an advanced crimeware attack in which a stolen software signing certificate was used to sign a malicious binary masquerading as a Java update, allowing the threat to bypass perimeter defenses. The organization engaged Red Canary and its Managed Endpoint Detection & Response service to record endpoint activity, hunt for threats, and provide SOC analysis.

Red Canary detected an unsigned payload and alerted the customer, then identified a later signed variant and analyzed it as a modified Qbot/Qakbot backdoor. Red Canary's analysts notified the issuer, Thawte, which revoked the compromised signing certificate, and the customer remediated the infection. As a result, Red Canary's detection and SOC response removed the immediate threat, prevented further malicious activity on the customer's network, and ensured the compromised certificate was revoked.

