A certificate authority in Asia has been observed being targeted by a Chinese state-sponsored cyberespionage group known as Billbug, according to a Symantec report.
Billbug is an advanced persistent threat (APT) actor that is also known by the names Lotus Blossom and Thrip. It primarily targets American and Southeast Asian targets. It is thought to have been operational at least since 2009. The group began targeting various Asian organizations in March 2022, including a certificate authority, a government agency, and defense agencies.
However, the security firm claims that there is no proof that the threat actor has succeeded in compromising digital certificates.