SSL certificate acquisition for trust breaking

Fake certificates can be acquired by legal process or coercion, or an adversary can trick a Certificate Authority into issuing one. These fake certificates can be used as part of Man-in-the-Middle attacks. [1]

ID: T1338
Sub-techniques:  No sub-techniques
Tactic: Establish & Maintain Infrastructure
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: A certificate authority that has been hacked cannot easily see that it has been compromised, but Google has caught on to this occurring in previous attacks such as DigiNotar and Verisign.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: One real-world example is the DigiNotar case. Doing this usually requires sophisticated skills and is traditionally done by a nation state to spy on its citizens.


  1. Ryan Singel. (2010, March 24). Law Enforcement Appliance Subverts SSL. Retrieved March 2, 2017.