Microsoft disrupts cybercrime service offering malware disguised as legitimate software
Samuel Boivin/NurPhoto via Getty Images
ByDavid DiMolfetta,
Cybersecurity Reporter, Nextgov/FCW
May 19, 2026 11:00 AM ET
The downstream impact of that service’s operations “has resulted in attacks against a broad range of industry sectors” in the U.S. and other nations, the company said.
Microsoft on Tuesday took actions against a “malware-signing-as-a-service” provider that has helped criminal hackers evade security defenses designed to check whether software is legitimate.
The group, dubbed Fox Tempest, was found to be abusing Microsoft code signing tools that validate whether software has been tampered with. Microsoft said it seized Fox Tempest’s website, took down hundreds of virtual machines running its operation and blocked access to another site that hosted underlying code used by the group.
Microsoft also unsealed a legal case in New York that targeted the group, and named another ransomware gang known as Vanilla Tempest as a co-conspirator.
Normally,...
Copyright of this story solely belongs to nextgov.com. To see the full text click HERE
