DigiCert Hacked via Social Engineering, 27 Code Signing Certificates Stolen
Severity: High (Score: 69.5)
Sources: News.Risky.Biz, Feeds2.Feedburner, any.run, www.trellix.com
Summary
DigiCert experienced a security breach due to a social engineering attack that compromised its tech support team. The attacker gained access to DigiCert's backend and stole 27 code signing certificates, which were subsequently used to sign malware. The incident occurred last month when the attacker posed as a customer and tricked employees into executing a malicious SCR file. DigiCert reported that the attack was partially mitigated: access was maintained for less than a day on one system, but for almost two weeks on another because of a misconfigured EDR agent. During this time, the attacker accessed tech support tickets for EV certificates, leading to the unauthorized issuance of certificates. The stolen certificates were used to deliver the Zhong Stealer malware, linked to the GoldenEyeDog APT group. DigiCert revoked the compromised certificates after being alerted by a third-party security researcher. The incident highlights vulnerabilities in tech support operations and the risks associated with social engineering.
Key Points
- DigiCert was breached via a social engineering attack targeting its tech support team.
- 27 code signing certificates were stolen and used to sign malware, including Zhong Stealer.
- A misconfigured EDR agent allowed the attacker to maintain access for nearly two weeks.
Key Entities
- GoldenEyeDog (apt_group)
- Data Breach (attack_type)
- DDoS (attack_type)
- Malware (attack_type)
- Phishing (attack_type)
- Ransomware (attack_type)
- Fakestortion (campaign)
- DigiCert (company)
- DigitalMint (company)
- Mediaworks (company)
- Rockstar Games (company)
- Sygnia (company)
- Australia (country)
- Canada (country)
- Dominican Republic (country)
- Hungary (country)
- Russia (country)
- CVE-2025-33073 (cve)
- CVE-2026-24294 (cve)
- databreaches.net (domain)
- Zhong Stealer (malware)
- T1566.001 - Spearphishing Attachment (mitre_attack)
- cPanel (platform)
- Linux (platform)
- PlayStation 5 (platform)
- Windows (platform)
- BlackCat (ransomware_group)