Microsoft Revokes Fake Yahoo, Google Certificates Issued After India NIC Hack

Microsoft has updated its Certificate Trust List (CTL) to revoke rogue certificates issued following a breach of India’s National Informatics Center (NIC).

The NIC is a government agency that operates intermediate Certificate Authority (CA) certificates issued under the root of the Indian Controller of Certifying Authorities (India CCA).

The India CCA root is included in Microsoft’s Trusted Root Certification Authorities Store, which means that certificates chaining to it, including anything the NIC intermediates signed, are trusted by Windows and by every application that relies on the Windows certificate store.

Google reported on Tuesday that it had identified unauthorized digital certificates for several of the company’s domains. Following an investigation by the India CCA, it came to light that the NIC’s issuance process was compromised.

While the India CCA’s investigation found only four fake certificates, three for Google domains and one for a Yahoo domain, Google said in a Wednesday update to its initial blog post that others existed as well.

This was confirmed by Microsoft, which announced on Thursday that it had revoked improperly issued certificates for over a dozen Google domains and more than two dozen Yahoo domains, including google.com, mail.google.com, gmail.com, login.yahoo.com and mail.yahoo.com.

Microsoft says it is not aware of any attacks in which the certificates were used, but the CTL has been updated for all supported versions of Windows as a precaution.


“The subordinate CA has been misused to issue SSL certificates for multiple sites, including Google web properties. These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against web properties. The subordinate CAs may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks,” Microsoft said in its advisory.

For its part, Google blocked the NIC intermediate CA certificates in Chrome, but because the full extent of the breach has not been determined, the search engine giant also decided to limit the India CCA root so that it is only accepted for certificates under the domains gov.in, nic.in, ac.in, rbi.org.in, bankofindia.co.in, ncode.in and tcs.co.in.

The changes will be reflected in a future Chrome release.
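The two responses described above, Microsoft’s CTL revocation of the misused NIC intermediates and Chrome’s per-root domain limit on the India CCA root, amount to two checks layered on top of ordinary chain validation. The following is an added example written for this article, not code from SecurityWeek, Microsoft or Google, that models both checks over a simplified certificate chain. The subjects, fingerprints and the sample leaf certificates are constructed placeholders, not the real certificates; the seven permitted domains are the ones the article lists.

```python
"""Chain-acceptance policy modelling the two precautions described above.

Added example, not code from SecurityWeek, Microsoft or Google.  It models
(1) a disallow list for the misused NIC sub-CA, the effect of Microsoft's CTL
update, and (2) a per-root domain whitelist, the limit Chrome placed on the
India CCA root.  All subjects and fingerprints are constructed placeholders.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    fingerprint: str            # hypothetical hex SHA-256 fingerprint, not real
    sans: tuple[str, ...] = ()  # dNSName SANs; only the leaf needs them


# Constructed stand-ins for the real certificates (fingerprints are fake).
INDIA_CCA_ROOT = Cert("CN=CCA India (hypothetical)", "aa" * 32)
NIC_INTERMEDIATE = Cert("CN=NIC sub-CA (hypothetical)", "bb" * 32)
OTHER_INTERMEDIATE = Cert("CN=Other India CCA sub-CA (hypothetical)", "cc" * 32)
PUBLIC_ROOT = Cert("CN=Unconstrained public root (hypothetical)", "dd" * 32)
PUBLIC_INTERMEDIATE = Cert("CN=Public sub-CA (hypothetical)", "ee" * 32)

TRUSTED_ROOTS = {INDIA_CCA_ROOT.fingerprint, PUBLIC_ROOT.fingerprint}

# CTL-style precaution: the misused sub-CA is refused whatever it signed.
DISALLOWED = {NIC_INTERMEDIATE.fingerprint}

# Chrome-style precaution: only the article's seven domains may chain to the root.
ROOT_DOMAIN_LIMITS = {
    INDIA_CCA_ROOT.fingerprint: (
        "gov.in", "nic.in", "ac.in", "rbi.org.in",
        "bankofindia.co.in", "ncode.in", "tcs.co.in",
    ),
}


def name_matches(name: str, domain: str) -> bool:
    """True if name is domain itself or a subdomain of it.  Matching on a label
    boundary stops 'gov.in.attacker.example' and 'evilgov.in' from matching
    'gov.in'.  A wildcard name is judged by its parent domain."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name == domain or name.endswith("." + domain)


def san_covers(san: str, host: str) -> bool:
    """Minimal dNSName match: exact, or exactly one label under a '*.' wildcard."""
    san, host = san.lower(), host.lower()
    if san.startswith("*."):
        parent = san[1:]                      # ".example.com"
        first = host[: -len(parent)] if host.endswith(parent) else ""
        return bool(first) and "." not in first
    return san == host


def evaluate_chain(host: str, chain: list[Cert]) -> str:
    """Return 'accepted' or the reason for rejection.  chain is leaf first, root last."""
    leaf, root = chain[0], chain[-1]
    if not any(san_covers(s, host) for s in leaf.sans):
        return "rejected: hostname not covered by leaf SANs"
    if root.fingerprint not in TRUSTED_ROOTS:
        return "rejected: root not trusted"
    # Disallow list: one revoked certificate anywhere in the chain is fatal.
    for cert in chain:
        if cert.fingerprint in DISALLOWED:
            return f"rejected: disallowed certificate in chain ({cert.subject})"
    # Domain limit: every name the leaf claims must sit under a permitted domain.
    limits = ROOT_DOMAIN_LIMITS.get(root.fingerprint)
    if limits is not None:
        for san in leaf.sans:
            if not any(name_matches(san, d) for d in limits):
                return f"rejected: {san} is outside the domains permitted under {root.subject}"
    return "accepted"


def demo() -> dict[str, str]:
    """Constructed scenarios mirroring the situation in the article."""
    google_leaf = Cert("CN=google.com", "01" * 32, ("google.com", "mail.google.com"))
    nic_leaf = Cert("CN=www.nic.in", "02" * 32, ("www.nic.in", "*.nic.in"))
    lookalike = Cert("CN=gov.in.attacker.example", "03" * 32, ("gov.in.attacker.example",))
    return {
        "google via NIC sub-CA": evaluate_chain("mail.google.com", [google_leaf, NIC_INTERMEDIATE, INDIA_CCA_ROOT]),
        "google via other India CCA sub-CA": evaluate_chain("mail.google.com", [google_leaf, OTHER_INTERMEDIATE, INDIA_CCA_ROOT]),
        "google via public root": evaluate_chain("mail.google.com", [google_leaf, PUBLIC_INTERMEDIATE, PUBLIC_ROOT]),
        "nic.in via other India CCA sub-CA": evaluate_chain("www.nic.in", [nic_leaf, OTHER_INTERMEDIATE, INDIA_CCA_ROOT]),
        "look-alike via other India CCA sub-CA": evaluate_chain("gov.in.attacker.example", [lookalike, OTHER_INTERMEDIATE, INDIA_CCA_ROOT]),
    }


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario:40} {verdict}")
```

The disallow list alone would not stop a second, not-yet-discovered India CCA sub-CA from vouching for google.com, which is why the domain limit is applied to the root as well: a leaf with any name outside the permitted domains is refused no matter which intermediate signed it, while a legitimate nic.in site continues to validate. The label-boundary check in `name_matches` is the detail that matters most; a plain suffix comparison would accept a certificate for `gov.in.attacker.example`.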

At the time of writing, the NIC CA is still not issuing certificates. A message posted on the organization’s website informs visitors that operations are not expected to resume any time soon.

The details of the breach have not been disclosed, but according to Google the earliest bogus certificate it observed was issued on June 25.

“The use of malicious certificates is another wakeup call for businesses and governments to take action. They cannot trust third party Certificate Authorities (CAs) that their organization now has reason to be trusting. But, browsers, operating systems, enterprise applications, and mobile devices do. Certificate whitelisting makes sure that only those CAs that should be trusted are trusted – all other CAs are removed,” Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, told SecurityWeek.

“Right now, every enterprise should be using certificate whitelisting to make sure the Indian Controller of Certifying Authorities is no longer trusted. Beyond this, enterprises need to be able to respond quickly and remediate. Next time it may be certificates that are issued from a now untrusted CA (as is clearly the case with the Indian CA) or some of their certificates have been compromised and are now being missed.”

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.