Acquire or compromise 3rd party signing certificates

Code signing is the process of digitally signing executables or scripts to confirm the software author and guarantee that the code has not been altered or corrupted. Users may trust a signed piece of code more than an unsigned piece of code even if they don't know who issued the certificate or who the author is. [1]

ID: T1310

Tactic: Adversary Opsec

Version: 1.0

Similar Techniques by Tactic

TacticTechnique
Establish & Maintain InfrastructureAcquire or compromise 3rd party signing certificates

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Defender will not know what certificates an adversary acquires from a 3rd party. Defender will not know prior to public disclosure if a 3rd party has had their certificate compromised.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: It is trivial to purchase code signing certificates within an organization; many exist and are available at reasonable cost. It is complex to factor or steal 3rd party code signing certificates for use in malicious mechanisms

References

  1. Brad Arkin. (2012, September 27). Inappropriate Use of Adobe Code Signing Certificate. Retrieved March 28, 2017.