{"id":35175,"date":"2014-05-02T20:45:22","date_gmt":"2014-05-03T03:45:22","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=35175"},"modified":"2025-06-05T19:00:58","modified_gmt":"2025-06-06T02:00:58","slug":"stolen-certificates-shiqiang-gang","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/","title":{"rendered":"Targeted Attacks, Stolen Certificates, and the Shiqiang Gang"},"content":{"rendered":"<p><em><span style=\"font-size: 14px; line-height: 1.5em;\">This blog post was written by Rahul Mohandas.<\/span><\/em><\/p>\n<p><span style=\"font-size: 14px; line-height: 1.5em;\">The trend of attackers using stolen digital certificates to disguise their malicious executables is on the rise. The Shiqiang group is known to employ spear-phishing attacks against nongovernmental organizations along with a history of using stolen digital certificates in their campaigns. One of the malicious signed binaries comes as part of a doc file that exploits the CVE-2012-0158 vulnerability.\u00a0<\/span><\/p>\n<p><span style=\"font-size: 14px; line-height: 1.5em;\">The graph below highlights the timeline of the attack, ordered by the compiler-generated time stamp of the binary. The first known binary is identified as a prototype and the similarity is calculated based on the assembly code of all the variants. It is interesting to observe the trend and the modifications that have gone into the variants.<\/span><\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/05022014_timeline.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-35196\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/05022014_timeline.jpg\" alt=\"05022014_timeline\" width=\"844\" height=\"438\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/05022014_timeline.jpg 844w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/05022014_timeline-300x155.jpg 300w\" sizes=\"auto, (max-width: 844px) 100vw, 844px\" \/><\/a><\/p>\n<p>The group has been very active since July 2013 and is known to use two valid digital certificates as part of their campaign.<\/p>\n<ul>\n<li>Zhengzhou hanJiang Electronic Technology Co., Ltd. Expires 9\/1\/2013<\/li>\n<li>Jiangxi you ma chuang da Software Technology Co., Ltd. Expires 12\/14\/2014<\/li>\n<\/ul>\n<figure id=\"attachment_35181\" aria-describedby=\"caption-attachment-35181\" style=\"width: 384px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/02052014_digsig.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-35181\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/02052014_digsig.jpg\" alt=\"Valid digital certificate\" width=\"384\" height=\"473\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/02052014_digsig.jpg 384w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/02052014_digsig-243x300.jpg 243w\" sizes=\"auto, (max-width: 384px) 100vw, 384px\" \/><\/a><figcaption id=\"caption-attachment-35181\" class=\"wp-caption-text\">Valid digital certificate<\/figcaption><\/figure>\n<p><span style=\"line-height: 1.5em;\">These certificates were issued by Thawte and Versign, respectively. Although the first certificate expired in September 2013, the second certificate is still valid and actively used in the campaigns.<\/span><\/p>\n<p>The threat vector is a doc file that exploits the CVE-2012-0158 vulnerability and contains a decoy document. Upon execution in a vulnerable environment, the doc file drops an embedded executable (kav.exe) that is digitally signed, which in turn drops another DLL file that is signed by the same digital certificate.<\/p>\n<p>Kav.exe drops two files in %Allusersprofile%\\Application Data\\Microsoft\\Network:<\/p>\n<ul>\n<li>M<span style=\"line-height: 1.5em;\">snetwork.dll<\/span><\/li>\n<li><span style=\"line-height: 1.5em;\">Encrypt.dat<\/span><\/li>\n<\/ul>\n<p style=\"text-align: left;\">Msnetwork.dll is registered as a layered service provider (LSP). By inserting itself to the LSP chain, the dll can be loaded whenever an application uses winsock. Once in the stack, an LSP can intercept and modify inbound and outbound Internet traffic. Msnetwork.dll\u00a0checks the host process it is being loaded into and injects aesen.dat and desen.dat into explorer.exe.<\/p>\n<p><span style=\"font-size: 14px; line-height: 1.5em;\">Encrypt.dat is an XOR-encrypted file that contains the list of control servers.\u00a0If the malware can connect to any one of the control servers mentioned in encrypt.dat, it receives additional commands from the server.\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/02052014_socket.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-35193\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/02052014_socket.jpg\" alt=\"02052014_socket\" width=\"602\" height=\"276\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/02052014_socket.jpg 602w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/02052014_socket-300x137.jpg 300w\" sizes=\"auto, (max-width: 602px) 100vw, 602px\" \/><\/a><\/p>\n<p><span style=\"font-size: 14px; line-height: 1.5em;\">The malware injects pskyen.dat into the skype.exe process to monitor communications.\u00a0It can also clean up the infection to erase any traces.<\/span><\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/02052014_commands.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-35190\" title=\"Supported commands\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/02052014_commands.jpg\" alt=\"02052014_commands\" width=\"602\" height=\"379\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/02052014_commands.jpg 602w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/02052014_commands-300x188.jpg 300w\" sizes=\"auto, (max-width: 602px) 100vw, 602px\" \/><\/a><\/p>\n<h2>Some of the other known remote server addresses in this campaign:<\/h2>\n<ul>\n<li>61.128.110[.]137<\/li>\n<li>tibetcongress.oicp[.]net<\/li>\n<li>60.13.176[.]25<\/li>\n<li>220.171.94[.]50<\/li>\n<li>newyorkonlin[.]com<\/li>\n<\/ul>\n<p>McAfee Advanced Threat defense provides zero-day protection against the malicious doc file based on its behavior.<\/p>\n<p><em>I would like to thank Saravanan Mohankumar for his assistance in this research.<\/em><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This blog post was written by Rahul Mohandas. The trend of attackers using stolen digital certificates to disguise their malicious&#8230;<\/p>\n","protected":false},"author":674,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[1814,76,3952],"coauthors":[3973],"class_list":["post-35175","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-computer-security","tag-cybercrime","tag-internet-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Targeted Attacks, Stolen Certificates, and the Shiqiang Gang | McAfee Blog<\/title>\n<meta name=\"description\" content=\"This blog post was written by Rahul Mohandas. The trend of attackers using stolen digital certificates to disguise their malicious executables is on the\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Targeted Attacks, Stolen Certificates, and the Shiqiang Gang | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"This blog post was written by Rahul Mohandas. The trend of attackers using stolen digital certificates to disguise their malicious executables is on the\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2014-05-03T03:45:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-06T02:00:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/05022014_timeline.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"844\" \/>\n\t<meta property=\"og:image:height\" content=\"438\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"McAfee\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/\"},\"author\":{\"name\":\"McAfee\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\"},\"headline\":\"Targeted Attacks, Stolen Certificates, and the Shiqiang Gang\",\"datePublished\":\"2014-05-03T03:45:22+00:00\",\"dateModified\":\"2025-06-06T02:00:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/\"},\"wordCount\":446,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/05022014_timeline.jpg\",\"keywords\":[\"computer security\",\"cybercrime\",\"internet security\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/\",\"name\":\"Targeted Attacks, Stolen Certificates, and the Shiqiang Gang | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/05022014_timeline.jpg\",\"datePublished\":\"2014-05-03T03:45:22+00:00\",\"dateModified\":\"2025-06-06T02:00:58+00:00\",\"description\":\"This blog post was written by Rahul Mohandas. The trend of attackers using stolen digital certificates to disguise their malicious executables is on the\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/05022014_timeline.jpg\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/05022014_timeline.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Targeted Attacks, Stolen Certificates, and the Shiqiang Gang\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\",\"name\":\"McAfee\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"caption\":\"McAfee\"},\"description\":\"We're here to make life online safe and enjoyable for everyone.\",\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/x.com\/McAfee\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Targeted Attacks, Stolen Certificates, and the Shiqiang Gang | McAfee Blog","description":"This blog post was written by Rahul Mohandas. The trend of attackers using stolen digital certificates to disguise their malicious executables is on the","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Targeted Attacks, Stolen Certificates, and the Shiqiang Gang | McAfee Blog","og_description":"This blog post was written by Rahul Mohandas. The trend of attackers using stolen digital certificates to disguise their malicious executables is on the","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_author":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2014-05-03T03:45:22+00:00","article_modified_time":"2025-06-06T02:00:58+00:00","og_image":[{"width":844,"height":438,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/05022014_timeline.jpg","type":"image\/jpeg"}],"author":"McAfee","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"McAfee","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/"},"author":{"name":"McAfee","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa"},"headline":"Targeted Attacks, Stolen Certificates, and the Shiqiang Gang","datePublished":"2014-05-03T03:45:22+00:00","dateModified":"2025-06-06T02:00:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/"},"wordCount":446,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/05022014_timeline.jpg","keywords":["computer security","cybercrime","internet security"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/","name":"Targeted Attacks, Stolen Certificates, and the Shiqiang Gang | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/05022014_timeline.jpg","datePublished":"2014-05-03T03:45:22+00:00","dateModified":"2025-06-06T02:00:58+00:00","description":"This blog post was written by Rahul Mohandas. The trend of attackers using stolen digital certificates to disguise their malicious executables is on the","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/05022014_timeline.jpg","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/05022014_timeline.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/stolen-certificates-shiqiang-gang\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Targeted Attacks, Stolen Certificates, and the Shiqiang Gang"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa","name":"McAfee","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png","caption":"McAfee"},"description":"We're here to make life online safe and enjoyable for everyone.","sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/x.com\/McAfee"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/35175","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/674"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=35175"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/35175\/revisions"}],"predecessor-version":[{"id":215155,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/35175\/revisions\/215155"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=35175"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=35175"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=35175"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=35175"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}