DigiCert, Inc.
April 2, 2026
•[ social engineering, malicious ZIP file, EV code-signing certificates ]
A threat actor used DigiCert's customer support channel on April 2, 2026 to deliver a malicious ZIP file disguised as a customer screenshot, compromising two DigiCert support analyst systems. The attacker used analyst-level access to pivot into DigiCert's internal support portal and obtain initialization codes for approved EV code-signing certificate orders across specific customer accounts. DigiCert revoked 60 associated certificates by April 17, including 27 explicitly linked to the threat actor and 11 reported as used to sign Zhong Stealer malware; the specific perpetrator was not publicly identified.
