Colleagues, I’d like to draw your attention to the DigiCert attack and the theft of code-signing certificates

Colleagues, I’d like to highlight a cybersecurity incident: I came across a report on the compromise of DigiCert and the theft of code-signing certificates.
According to the investigation, the attack is attributed to the GoldenEyeDog subgroup, which has been linked to phishing, screenshot file tampering, and DLL sideloading chains.
The attackers gained access via support, extracted customer certificates, and used them to sign malware.
As a result, dozens of certificates were revoked, and the campaign has been linked to Golden Gh0st RAT and data theft.
Why this matters: this scenario undermines not only one vendor, but trust in the software supply chain.
Do you review how support processes and code-signing are protected?
#cybersecurity #DigiCert #phishing #malware


Latest comments
No comments yet.