## DigiCert Support Staff Socially Engineered: Attackers Obtain Code-Signing Certificates Used to Sign Malware
DigiCert, one of the world's largest certificate authorities, has disclosed a security breach in which threat actors successfully tricked support staff into executing a malicious file. The attack enabled the adversaries to obtain code-signing certificates that were subsequently weaponized to sign malware, undermining a critical trust mechanism used across the software industry. The incident highlights the persistent vulnerability of human-operated support channels, even at organizations responsible for securing vast portions of internet infrastructure.

According to the investigation, the attackers targeted DigiCert's customer support infrastructure, convincing staff to run a file that granted the threat actors access to internal systems. From there, the intruders requested and received legitimate code-signing certificates, credentials that verify the authenticity and integrity of software. Because these certificates were issued by a trusted root authority, any malware signed with them would appear legitimate to operating systems and security tools that rely on certificate validation. DigiCert subsequently revoked approximately 60 certificates issued during the compromised window, a standard but reactive measure that cannot undo the trust already extended to malicious binaries.

Code-signing certificates represent a high-value target because they bypass operating system warnings and endpoint detection systems that might otherwise flag untrusted software. The DigiCert incident underscores how compromising a trusted issuer can have cascading effects across the entire software supply chain. Security researchers have long warned that certificate authority compromise creates asymmetric risk: a single successful intrusion can produce certificates capable of signing unlimited malware, each piece appearing trustworthy by default. Organizations relying on certificate-based trust models now face renewed pressure to implement additional verification layers, including certificate transparency logging and behavioral analysis, to detect abuse stemming from this or similar breaches.

---
- **Source**: Mastodon:mastodon.social:#infosec
- **Sector**: The Vault
- **Tags**: certificate-authority, code-signing, social-engineering, malware, supply-chain-attack
- **Credibility**: unverified
- **Published**: 2026-05-10 18:01:39
- **ID**: 81603
- **URL**: https://whisperx.ai/en/intel/81603