{"id":221503,"date":"2026-05-28T03:25:05","date_gmt":"2026-05-28T07:25:05","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/28\/microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse\/"},"modified":"2026-05-28T03:25:08","modified_gmt":"2026-05-28T07:25:08","slug":"microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/28\/microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse\/","title":{"rendered":"Microsoft disrupts cybercrime service that abused software verification systems en masse"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/microsoft-digital-crimes-unit-disrupts-fox-tempest\/\">Microsoft disrupts cybercrime service that abused software verification systems en masse<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/microsoft-digital-crimes-unit-disrupts-fox-tempest\/\">https:\/\/cyberscoop.com\/microsoft-digital-crimes-unit-disrupts-fox-tempest\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-19 11:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p><strong>Summary:<\/strong><\/p>\n<p>Microsoft successfully disrupted a cybercrime operation by the financially-motivated threat group known as Fox Tempest, which had been signing over 1,000 fraudulent code-signing certificates that cybercriminals used to authorize malware and ransomware attacks. Fox Tempest operated as a &#8220;malware-signing-as-a-service&#8221; provider, offering the services to various ransomware groups like Rhysida and others for up to $9,500. They abused Microsoft\u2019s Artifact Signing system to sign this malicious code, allowing it to appear legitimate and bypass security controls. With the help of a court order, Microsoft seized the group&#8217;s infrastructure, evicted over 1,000 accounts, seized the group\u2019s website, and disrupted an organized service that had significant global ramifications, particularly affecting the healthcare, education, and government sectors. While the disruption is expected to temporarily raise costs for attackers, the broader cybercrime economy remains complex, with specialized and highly sophisticated services available in a structured, commoditized market.<\/p>\n<p><strong>Key Points:<\/strong><\/p>\n<ul>\n<li>Microsoft dismantled a cybercrime group, Fox Tempest, which fraudulently issued code-signing certificates used to make malware appear legitimate.<\/li>\n<li>Fox Tempest was linked to major ransomware operations and impacted sectors worldwide, including the U.S., France, India, and China.<\/li>\n<li>The threat group abused Microsoft\u2019s Artifact Signing system to forge identities and impersonate legitimate organizations to provide these fraudulent services.<\/li>\n<li>Following the disruption, Microsoft took down the group&#8217;s website and infrastructure, seizing hundreds of virtual machines and over 1,000 accounts.<\/li>\n<li>The operation exemplifies a commoditized cybercrime economy where attackers can purchase components to build sophisticated attacks, from phishing kits to specialized evasion tools.<\/li>\n<\/ul>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft disrupts cybercrime service that abused software verification systems en masse https:\/\/cyberscoop.com\/microsoft-digital-crimes-unit-disrupts-fox-tempest\/ Publish Date: 2026-05-19&#8230;<\/p>\n","protected":false},"author":1,"featured_media":221504,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2026\/05\/GettyImages-2169079148.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[32,25],"class_list":["post-221503","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-malware","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/221503"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=221503"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/221503\/revisions"}],"predecessor-version":[{"id":221505,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/221503\/revisions\/221505"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/221504"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=221503"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=221503"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=221503"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}