DigiCert Revokes Certificates Following Support Portal Security Breach
DigiCert has revoked digital certificates that were stolen from its internal support portal following a malware incident involving a customer support team member. The investigation revealed that the attacker obtained initialization codes for a small number of code signing certificates, some of which were used to sign malware. All compromised certificates were revoked within 24 hours of discovery, with the revocation date backdated to their issuance.
The incident began on April 2nd 2026, when an attacker contacted DigiCert’s support team through a customer chat channel and sent a ZIP file disguised as a screenshot. The file contained a .scr executable with a malicious payload. Existing security measures blocked four delivery attempts, but the fifth attempt successfully infected a support analyst’s machine.
A second machine was compromised two days later. In total, DigiCert revoked 60 certificates.

Blogger at www.systemtek.co.uk
