“The current evidence suggests a limited impact. The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser,” Opera warned in a brief advisory.
The Opera breach signals a growing shift by organized hacking groups toward targeting the internal network infrastructure of big companies that provide client-side software to millions of end users.
In a recent podcast, Adobe CSO Brad Arkin discussed a trend in which attackers have shifted to targeting company infrastructure and operations, such as code-signing infrastructure, rather than attacking the software itself. “We’ve gotten to the point where it’s hard enough to attack our software, that it’s now more attractive for bad guys to attack the engineering infrastructure that we use to build and operate our services and our code than it is to attack the services directly,” Arkin said.
Stolen digital certificates are typically used in targeted attacks to sign malicious files for privilege escalation and lateral movement within an environment following an initial machine compromise.