Post-quantum-cryptography certificate-migration phishing: impersonates a public Certificate Authority (Let's Encrypt, DigiCert, Sectigo, Entrust, GlobalSign, GoDaddy SSL, GeoTrust, Thawte, RapidSSL, ZeroSSL, IdenTrust, Comodo, Cloudflare Origin CA) with a "migrate your certificate to PQC / CNSA 2.0 mandate / ML-KEM / ML-DSA / hybrid-certificate renewal" narrative plus a credential-harvesting link on a non-CA host. Low-volume, very-high-impact: compromised CA admin credentials = fraudulent cert issuance for arbitrary domains = full MITM capability. Timed to the NIST FIPS 203/204/205 + CNSA 2.0 (2025-2027) PQC transition window, when IT admins are unfamiliar with the actual migration process. Evidence: NIST + NSA CNSA 2.0 timeline; Cloudflare / DigiCert / Sectigo / Let's Encrypt / Entrust 2025-2026 PQC roadmap posts; Bleeping Computer + The Register early-PQC-phish-wave coverage.
pqc-certificate-migration-phishing
What this tier means
High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.
How Gorganizer detects this
This signal targets post-quantum-cryptography (PQC) certificate-migration phishing, which hit the threat landscape in earnest through 2025-2026 as the NIST + NSA CNSA 2.0 transition timeline ramped up. NIST finalized the first PQC standards in August 2024 (FIPS 203 ML-KEM for key encapsulation, FIPS 204 ML-DSA for digital signatures, FIPS 205 SLH-DSA as a conservative backup signature scheme). The NSA's CNSA 2.0 policy mandates adoption by 2027 for US national security systems, with a transition window that is already active for federal agencies and regulated enterprises.
The public Certificate Authority ecosystem (Let's Encrypt, DigiCert, Sectigo, Entrust, GlobalSign, GoDaddy SSL, GeoTrust, Thawte, RapidSSL, ZeroSSL, IdenTrust, Comodo, Cloudflare Origin CA) is in the middle of rolling out PQC + hybrid-certificate support, which means IT admins globally are in the "we need to do something about PQC but aren't sure what" window: prime phishing conditions.
Attackers impersonate a public CA with a migration narrative ("your certificate must be migrated to post-quantum cryptography," "CNSA 2.0 compliance deadline approaching," "re-verify your certificate with ML-DSA signatures," "your certificate has been flagged for hybrid-certificate renewal," "PQC migration required before revocation") plus a credential-harvesting link on a typosquat host (letsencrypt-pqc-portal.example, digicert-cnsa2-reverify.example).
Compromised CA admin credentials are catastrophic: the attacker can issue fraudulent certificates for any domain the compromised account controls, enabling full man-in-the-middle attacks on web traffic + email + VPN + any TLS-protected service. This is a low-volume attack (the target pool is admins at organizations with public CA accounts, not consumers), but each successful compromise is high-impact enough to justify the signal slot.
Evidence: NIST SP 800-208 + FIPS 203/204/205 August 2024; NSA CNSA 2.0 2022 document with 2027 mandatory-adoption timeline; Cloudflare 2025 PQC migration planning post; DigiCert 2025-2026 PQC roadmap; Sectigo, Let's Encrypt, Entrust engineering-blog posts on PQC support timelines; Bleeping Computer + The Register 2025-2026 coverage of early PQC phishing waves targeting government contractors.
Distinguishing fingerprint: a CA brand name + PQC-specific vocabulary (post-quantum, ML-KEM, ML-DSA, Kyber, Dilithium, CNSA 2.0, hybrid certificate) + a sign-in link NOT at the real CA's domain. Legitimate CA communications link exclusively to their own domain (letsencrypt.org, digicert.com, sectigo.com, entrust.com, globalsign.com, etc.). Any "your certificate needs PQC migration" email whose sign-in link is hosted elsewhere is, by construction, a phish.
Go directly to the real CA's admin portal via a bookmarked URL, or check their PQC migration status page. Never click the link in the email.
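The distinguishing fingerprint above, sketched as an added example (this is not Gorganizer's own code): it fires only when a CA brand, PQC vocabulary, and a link hosted outside that CA's domain all appear together. The function names are hypothetical, the brand map is limited to the five brand/domain pairs named above, every link is treated as a sign-in link for simplicity, and the two sample messages are constructed.

```python
import re
from urllib.parse import urlsplit

# CA brand -> legitimate domain (only the pairs named in the text above).
CA_DOMAINS = {
    "let's encrypt": "letsencrypt.org",
    "digicert": "digicert.com",
    "sectigo": "sectigo.com",
    "entrust": "entrust.com",
    "globalsign": "globalsign.com",
}
# PQC vocabulary taken from the fingerprint description.
PQC_TERMS = re.compile(
    r"post-quantum|\bpqc\b|ml-kem|ml-dsa|kyber|dilithium"
    r"|cnsa 2\.0|hybrid[- ]certificate",
    re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)
# Constructed sample messages (hosts reuse the .example names from the text).
PHISH = ("DigiCert notice: CNSA 2.0 deadline approaching. Re-verify with "
         "ML-DSA at https://digicert-cnsa2-reverify.example/login")
LEGIT = "DigiCert post-quantum roadmap update: https://www.digicert.com/"

def host_in_domain(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def pqc_ca_phish_signal(text):
    """Return (brand, off_domain_hosts) when the fingerprint matches, else None."""
    lowered = text.lower().replace("\u2019", "'")  # normalise curly apostrophe
    brands = [b for b in CA_DOMAINS if b in lowered]
    if not brands or not PQC_TERMS.search(text):
        return None
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            # .hostname drops any userinfo, so "ca.com@other.example" -> other.example
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        if host:
            hosts.add(host)
    for brand in brands:
        off = sorted(h for h in hosts if not host_in_domain(h, CA_DOMAINS[brand]))
        if off:
            return (brand, off)
    return None
```

Matching on the parsed hostname rather than on the raw URL string is what keeps lookalikes such as `letsencrypt.org.<other-host>` and userinfo-prefixed links from passing as the real CA domain.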
False-positive guard
Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.
About the scoring engine
Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.
Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
Ready to clean your inbox?
Gorganizer scans your Gmail with this signal and 1,800+ others, then cleans everything in one click. $4.99 one-time, no subscription.