A lesser-known cyber-espionage group known as BlackTech has been caught using a stolen D-Link certificate to sign malware deployed in a recent campaign. BlackTech operators used the stolen cert to sign two malware payloads the first is the PLEAD backdoor, while the second is a nondescript password stealer. The group’s targets for these most recent attacks were again located in East Asia, particularly in Taiwan. The certificate was being used to secure the web panel of mydlink IP cameras.
Source: https://www.bleepingcomputer.com/news/security/blacktech-apt-steals-d-link-cert-for-cyber-espionage-campaign/