Back

DigiCert Hacked via Malicious Screensaver File, EV Certificates Stolen

Severity: High (Score: 71.0)

Sources: any.run, News.Risky.Biz, Feeds2.Feedburner, Cybersecuritynews, www.trellix.com

Summary

In April 2026, DigiCert experienced a breach due to a social engineering attack that compromised its tech support team. An attacker tricked two employees into executing a malicious screensaver file, leading to the theft of 27 code signing certificates. These certificates were subsequently used to sign malware, specifically the Zhong Stealer, linked to the GoldenEyeDog cybercrime group. The breach was discovered when a third-party security researcher reported the misuse of the certificates. DigiCert has since revoked the affected certificates and claims to have blocked further access. The incident highlights vulnerabilities in employee training and system configuration, particularly the misconfiguration of the CrowdStrike EDR agent. The attack's full impact is still being assessed, but it involved the unauthorized processing of 60 EV certificate orders. Key Points: • DigiCert was breached through a social engineering attack involving a malicious screensaver file. • 27 code signing certificates were stolen and used to sign malware linked to a known cybercrime group. • The incident was discovered thanks to a third-party security researcher reporting the misuse of certificates.

Key Entities

  • GoldenEyeDog (apt_group)
  • Data Breach (attack_type)
  • DDoS (attack_type)
  • Malware (attack_type)
  • Phishing (attack_type)
  • Ransomware (attack_type)
  • Fakestortion (campaign)
  • DigiCert (company)
  • DigitalMint (company)
  • Mediaworks (company)
  • Rockstar Games (company)
  • Sygnia (company)
  • Australia (country)
  • Canada (country)
  • Dominican Republic (country)
  • Hungary (country)
  • Russia (country)
  • CVE-2025-33073 (cve)
  • CVE-2026-24294 (cve)
  • databreaches.net (domain)
  • Zhong Stealer (malware)
  • T1566.001 - Spearphishing Attachment (mitre_attack)
  • cPanel (platform)
  • Linux (platform)
  • PlayStation 5 (platform)
  • Windows (platform)
  • BlackCat (ransomware_group)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed