DigiCert Revokes Certificates After Support Portal Hack


SecurityWeek
May 4, 2026


Why It Matters

Compromised code‑signing certificates can legitimize malware, threatening software supply‑chain integrity and eroding trust in digital certificates. DigiCert’s swift revocation and security upgrades aim to protect enterprises and maintain confidence in PKI ecosystems.

Key Takeaways

  • 60 certificates revoked, including 27 linked to the attacker
  • 11 certificates used to sign Zhong Stealer malware
  • Multi-factor authentication now required for admin workflows
  • Support analysts' proxy access to initialization codes removed
  • File type restrictions added to chat and Salesforce attachments

Pulse Analysis

The breach at DigiCert underscores the growing risk that supply‑chain attacks pose to the software ecosystem. EV Code Signing certificates are a cornerstone of trust, enabling developers to verify the authenticity of binaries. When malicious actors obtain valid certificates, they can sign malware that bypasses many security controls, as demonstrated by the Zhong Stealer family. This incident highlights how a single compromised support endpoint can cascade into a broader credential‑theft scenario, emphasizing the need for rigorous endpoint protection and continuous monitoring.

DigiCert’s response, revoking 60 certificates within two weeks and tightening internal processes, illustrates best‑practice incident handling for a certificate authority. By requiring multi‑factor authentication for administrative workflows and removing support analysts’ proxy access to initialization codes, the firm reduces the attack surface that previously allowed credential harvesting. Restricting the file types accepted in support chat and Salesforce attachments further narrows malware delivery vectors, while enhanced logging improves forensic visibility. These measures align with industry recommendations for zero‑trust architectures and mark a shift toward defense‑in‑depth.

For enterprises, the episode serves as a reminder to scrutinize the provenance of code‑signing certificates and to implement robust verification of signed binaries. Organizations should adopt certificate transparency monitoring, enforce strict code‑signing policies, and maintain an inventory of trusted CAs. As digital trust frameworks evolve, the onus is on both certificate authorities and their customers to ensure that the issuance and usage of cryptographic credentials remain secure, preserving the integrity of the global software supply chain.
