
DigiCert has revoked multiple digital certificates after a cyberattack on its internal support portal allowed threat actors to fraudulently obtain code-signing credentials. The incident highlights risks within trusted certificate infrastructure, which underpins secure communication and software authenticity across the internet.
The breach originated in a social engineering attack in which attackers delivered a malicious file via a customer support chat channel. This payload infected an employee’s system, enabling unauthorized access to DigiCert’s internal support tools and certificate issuance processes.
As a result, attackers were able to obtain Extended Validation (EV) code-signing certificates, some of which were later used to sign malware. In response, DigiCert revoked approximately 60 certificates, including those directly linked to malicious activity as well as additional ones revoked as a precaution.
The company confirmed that all compromised certificates were invalidated quickly after detection, and pending certificate requests were canceled to prevent further misuse.
This incident underscores the critical importance of securing internal workflows and support channels, especially for certificate authorities that serve as the backbone of global digital trust. Even limited access to such systems can have widespread implications, as compromised certificates can be used to distribute malware or impersonate legitimate software.




