Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Wednesday, May 20, 2026 at 02:36 PM UTC·Source: The Hacker News

Updated: Wednesday, May 20, 2026 at 03:00 PM UTC

Executive Summary

Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the MSaaS scheme

Analysis

Source Attribution

Originally published by The Hacker News on May 20, 2026.

Related Threats

HIGHRansomwareNEW

Why Smaller Healthcare Providers Remain Easy Targets

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/smaller-healthcare-providers-remain-easy-targets-image_small-3-a-31736.jpg" align=right hspace=4><b>Recent Hacks Underscore Persistent and Growing Threats to Smaller Organizations</b><br>Small and mid-sized healthcare organizations - including medical specialty practices and regional clinics - continue to fall victim disproportion

8m agoBank Info Security

HIGHRansomwareNEW

Hackers bypass SonicWall VPN MFA due to incomplete patching

Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks. [...]

49m agoBleepingComputer

HIGHRansomware

FBI warns students and staff that ShinyHunters may come knocking after Canvas breach

Having receive a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar attacks in future. Read more in my article on the Hot for Security blog.

13h agoGraham Cluley