Schouwenberg urged the company to provide more information as soon as possible.

"Given their ties to the government and financial sectors it's extremely important we find out the scope of the breach as quickly as possible," Schouwenberg said. The situation was reminiscent of a breach last March, when a hacker obtained certificates for some of the Web's biggest sites, including Google and Gmail, Microsoft, Skype and Yahoo.

Then, Comodo said that nine certificates had been after attackers used an account assigned to a company partner in southern Europe.

Initially, Comodo argued that Iran's government may have been involved in the theft. Days later, however, a claimed responsibility for stealing the SSL certificates.

Today, Kaspersky's Schouwenberg said "nation-state involvement is the most plausible explanation" for the acquisition of the DigiNotar-issued certificate.