"The attack occurred on April 2, when a threat actor targeted DigiCert's support team with a malicious payload delivered via a customer chat channel, disguised as a screenshot."
"Possession of an initialization code, combined with an approved order, is sufficient to obtain the resulting certificate. The threat actor was able to obtain these two pieces of information for a finite set of approved orders."
"By April 17, the company identified and revoked 60 certificates associated with the incident, including 27 explicitly linked to the threat actor."
DigiCert experienced a cyberattack on April 2, where a threat actor used malware to target its support team via a customer chat channel. The malware infected two endpoints, leading to unauthorized access to the internal support portal. This allowed the hackers to obtain EV Code Signing certificates by exploiting the access granted to authenticated support analysts. By April 17, DigiCert revoked 60 certificates linked to the incident, including those used to sign malware. The company found no evidence of misuse of other internal systems beyond the compromised codes.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]