TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

GBHackers

DigiCert Hacked in Screensaver-Based Attack to Fraudulently Obtain EV Code Signing Certificates

Divya · 1 day ago · Read original ↗

ATT&CK techniques detected

2 predictions
T1588.003Code Signing Certificates
97%
“portal once the hackers gained control of the compromised computer, they accessed digicert ’ s internal support portal. they utilized a specific support tool that allows analysts to view accounts from a customer ’ s perspective. while this access was restricted and did not allow …”
T1588.003Code Signing Certificates
48%
“digicert hacked in screensaver - based attack to fraudulently obtain ev code signing certificates digicert, a major certificate authority, recently suffered a significant security breach where hackers used a malicious screensaver file to steal 60 extended validation ( ev ) code s…”

Summary

DigiCert, a major Certificate Authority, recently suffered a significant security breach where hackers used a malicious screensaver file to steal 60 Extended Validation (EV) Code Signing certificates. These highly trusted certificates were subsequently used to sign the “Zhong Stealer” malware, allowing the malicious files to bypass security warnings by appearing as legitimate software. The incident […]

The post DigiCert Hacked in Screensaver-Based Attack to Fraudulently Obtain EV Code Signing Certificates appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.