“reports submitted by community members linking them to malware, while 16 were identified during the company ’ s internal investigation. the rest were pulled as a precaution, as customer control could not be confirmed. all were revoked within 24 hours of discovery, and pending ord…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1588.003Code Signing Certificates
79%
“##ization codes for orders that were approved but pending delivery. ” while several delivery attempts were blocked, the attacker ultimately compromised two support systems, gaining access to internal tools. the first compromised system was identified and contained within 24 hours…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1195.002Compromise Software Supply Chain
41%
“##ization codes for orders that were approved but pending delivery. ” while several delivery attempts were blocked, the attacker ultimately compromised two support systems, gaining access to internal tools. the first compromised system was identified and contained within 24 hours…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1195Supply Chain Compromise
31%
“##ization codes for orders that were approved but pending delivery. ” while several delivery attempts were blocked, the attacker ultimately compromised two support systems, gaining access to internal tools. the first compromised system was identified and contained within 24 hours…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
A targeted social engineering attack against DigiCert’s support channel led to the compromise of internal systems and the unauthorized issuance of EV Code Signing certificates. DigiCert is a global Certificate Authority (CA) providing digital trust services, specializing in TLS/SSL certificates, PKI management, and IoT security. According to DigiCert’s incident report, a threat actor contacted the support team via a customer chat channel and delivered a malicious ZIP file disguised as a customer screenshot, which contained … More →