DigiCert Revokes Certificates After Support Portal Hack
DigiCert is revoking digital certificates after hackers compromised an internal support portal by infecting an analyst's system via a customer chat channel.
DigiCert has confirmed that its internal systems were breached after a threat actor successfully social-engineered a support team member. The attacker used a customer chat channel to deliver a malicious ZIP file, disguised as a customer screenshot, which contained a screensaver file that, when executed, compromised the analyst's system [Help Net Security].
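The delivery method described above, a ZIP archive carrying a screensaver (.scr) file, can be screened for before an analyst opens an upload. The following is an added example, not code from DigiCert or Help Net Security; the extension lists, the double-extension decoy heuristic and the sample file names are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed list of types Windows runs on double-click; .scr (screensaver) is a PE executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".vbs", ".lnk", ".msi", ".hta"}
# Assumed list of types a support analyst would expect in a "screenshot" upload.
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".bmp"}


def audit_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member with an executable-type extension."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Take the base name only; normalise backslashes used by some archivers.
            name = PurePosixPath(info.filename.replace("\\", "/")).name
            # Windows strips trailing dots and spaces from file names.
            suffixes = [s.lower() for s in PurePosixPath(name.rstrip(". ")).suffixes]
            if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
                continue
            findings.append({
                "member": info.filename,
                "extension": suffixes[-1],
                # True for names such as "shot.png.scr" that pose as an image.
                "image_decoy": any(s in IMAGE_EXTS for s in suffixes[:-1]),
            })
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: placeholder bytes only, file names invented for this example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("error_dialog.png", b"placeholder image bytes")
        zf.writestr("screenshots/billing_page.png.scr", b"placeholder, not an executable")
        zf.writestr("notes.txt", b"see attached")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in audit_zip(build_sample_zip()):
        print(finding)
```

A check like this belongs at the point where the chat or ticketing system accepts the upload, so that flagged archives are quarantined rather than handed to the analyst's workstation.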
The breach resulted in the unauthorized issuance of EV Code Signing certificates. Because DigiCert is a major Certificate Authority, this compromise is particularly concerning: the stolen certificates could be leveraged by attackers to sign malicious software, making it appear as if the malware originated from a trusted source.
DigiCert has initiated an incident response process and is revoking the compromised certificates. Customers who have recently received certificates from DigiCert are encouraged to monitor their environments for any signs of unauthorized activity or suspicious code-signing events. Further updates are expected as the investigation continues.