Malware | Bleeping Computer
9.5 — CRITICAL
Cybercrime service disrupted for abusing Microsoft platform to sign malware
Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company's Artifact Signing service to generate fraudulent code-signing certificates used by ransomware gangs and other cybercriminals. [...]
🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview
Fox Tempest, a financially motivated threat actor, abused Microsoft's Artifact Signing service to create fraudulent code-signing certificates used by ransomware gangs and other cybercriminals. Microsoft disrupted this malware-signing-as-a-service operation, which generated millions of dollars in profits.
⚙️ Technical Details
Affected Systems
signspace[.]cloud domain
hundreds of virtual machines
Attack Vectors
upload malicious files for code-signing using fraudulently obtained certificates
impersonating legitimate software such as Microsoft Teams, AnyDesk, PuTTY, and Webex
💥 Impact Assessment
Severity: critical
Who Is at Risk
Organizations worldwide targeted by threat actors, including the Vanilla Tempest ransomware operation
🛡️ Recommended Actions
1. Monitor Azure Artifact Signing service for suspicious activity
2. Implement strict controls on code-signing certificates and digital signatures
3. Regularly update and patch operating systems to prevent exploitation of vulnerabilities
📦 Affected Products
Microsoft Teams
AnyDesk
PuTTY
Webex
This is a curated summary. The complete article is available at Bleeping Computer.
