Hackers Use Social Engineering Tactics to Obtain Fake SSL Certificates from DigiCert


Malicious Support Chat Attachment Enables Hackers to Issue Fake Certificates for Malware

In April 2026, the support team at DigiCert, a prominent Certificate Authority, fell victim to a social engineering attack delivered through the company's customer support chat. The attackers used the chat channel to get a malicious attachment onto a support workstation and, from that foothold, obtained two EV Code Signing certificates, which were subsequently used to sign the Zhong Stealer malware.

The Attack Unfolds

According to an internal investigation conducted by DigiCert, the attackers contacted a support agent via a chat channel and sent a ZIP file purportedly containing a screenshot. The archive actually held a malicious executable named k3.exe. Internal security controls flagged the file several times, but the support agent opened it anyway, compromising the workstation known as ENDPOINT1.

According to the report, “The attackers demonstrated a high level of sophistication in exploiting the vulnerability, taking advantage of the support agent’s trust and using social engineering tactics to manipulate them into opening the malicious file.”

Persistent Threats

An analysis of the incident revealed that a malfunctioning CrowdStrike sensor on another machine, ENDPOINT2, had left a gap in the company's Endpoint Detection and Response (EDR) coverage. The attackers moved through that unmonitored host to reach an internal support portal, where they obtained initialization codes for certificate orders. With those codes they were able to have valid EV Code Signing certificates issued to themselves.

“The hackers used Okta FastPass to maintain persistence on the compromised systems, avoiding additional authentication checks,” the report stated.

Damage Control

The attackers got back into the environment 27 times before they were detected, and DigiCert ultimately revoked 60 certificates. On April 17, 2026, the company took steps to contain the damage, including blocking .scr files in chats and masking the sensitive codes shown in its portal. DigiCert acknowledged that it was fortunate an independent researcher alerted it to the issue, which prevented further harm.
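The initial foothold described above was a ZIP "screenshot" that actually contained an executable, and one of the mitigations was to block a file extension in the chat tool. Extension blocklists alone are easy to sidestep, so the following added example (written for this page, not DigiCert's code or anything from the incident report) shows how an attachment filter for a support chat can open the archive, sniff each member's content by magic bytes, and flag executables whatever they are named. The sample archive is constructed in memory; the member names, including the disguised image, are illustrative only.

```python
"""
Added example: inspect a chat attachment ZIP and block executables by content.
All names, magic-byte tables and sample data below are constructed for
illustration and are not from the article or from DigiCert.
"""
import io
import zipfile

# Header bytes of formats that should never arrive as a "screenshot".
# Assumption: a starting set, not an exhaustive list.
EXECUTABLE_MAGIC = {
    b"MZ": "pe",            # Windows PE: .exe, .dll and .scr all start this way
    b"\x7fELF": "elf",      # Linux ELF binary
    b"#!": "script",        # shebang script
    b"PK\x03\x04": "zip",   # nested archive, a common way to hide a PE one level down
}
IMAGE_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
}
BLOCKED_EXTENSIONS = {".exe", ".scr", ".dll", ".com", ".bat", ".cmd",
                      ".ps1", ".js", ".vbs", ".lnk", ".hta"}
IMAGE_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif"}


def sniff(data: bytes) -> str:
    """Classify a member by its leading bytes, ignoring its name."""
    for magic, kind in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return kind
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def extension_of(name: str) -> str:
    """Return the last suffix, so 'shot.png.scr' is judged as '.scr'."""
    base = name.rsplit("/", 1)[-1]
    return "." + base.rsplit(".", 1)[-1].lower() if "." in base else ""


def inspect_member(name: str, head: bytes) -> dict:
    ext = extension_of(name)
    kind = sniff(head)
    reasons = []
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"blocked extension {ext}")
    if kind in ("pe", "elf", "script"):
        reasons.append(f"executable content ({kind})")
    if kind == "zip":
        reasons.append("nested archive")
    if ext in IMAGE_EXTENSIONS and kind not in IMAGE_MAGIC.values():
        reasons.append("extension claims image but content is not an image")
    return {"name": name, "ext": ext, "kind": kind, "reasons": reasons}


def inspect_zip(blob: bytes) -> dict:
    """Fail closed: a corrupt archive is blocked, not passed through."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                with zf.open(info) as fh:
                    head = fh.read(16)  # header bytes are enough to sniff
                findings.append(inspect_member(info.filename, head))
    except zipfile.BadZipFile:
        return {"verdict": "block", "findings": [], "error": "not a valid zip"}
    blocked = [f for f in findings if f["reasons"]]
    return {"verdict": "block" if blocked else "allow", "findings": findings}


def build_sample_zip() -> bytes:
    """Constructed sample: one real PNG header, one PE, one PE named like a PNG."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("screenshot.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
        zf.writestr("k3.exe", b"MZ" + b"\x90" * 62 + b"PE\x00\x00")   # DOS header stub only
        zf.writestr("screenshot2.png", b"MZ" + b"\x90" * 62)          # PE disguised as image
    return buf.getvalue()


if __name__ == "__main__":
    result = inspect_zip(build_sample_zip())
    print("verdict:", result["verdict"])
    for f in result["findings"]:
        print(f"  {f['name']:18} {f['kind']:8} {'; '.join(f['reasons']) or 'ok'}")
```

The point of sniffing the header rather than trusting the name is that a filter which only blocks `.scr` or `.exe` would have passed the disguised `screenshot2.png` member; the content check catches it, and the nested-archive rule stops the same payload being hidden one level deeper. In a real deployment the sniff table would be replaced by a proper file-type library and the archive would be scanned before the agent can download it at all.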

  • A Certificate Authority's support channel is part of its attack surface: an attachment handed to a support agent led, via the issuance portal, to validly issued EV Code Signing certificates.
  • EDR coverage has to be verified, not assumed. A single malfunctioning sensor (ENDPOINT2) gave the attackers an unmonitored path to the internal portal.
  • Secrets that authorize issuance, such as the initialization codes for certificate orders, should not be readable from a support workstation; masking them in the portal was one of the fixes applied.
  • Blocking one file extension in chat is a narrow fix; attachments should be inspected by content, and a second person or system should review what a support agent is asked to open.
