Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Wednesday, May 20, 2026 at 02:36 PM UTC·Source: The Hacker News

Updated: Wednesday, May 20, 2026 at 03:00 PM UTC

Executive Summary

Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the MSaaS scheme

Analysis

Source Attribution

Originally published by The Hacker News on May 20, 2026.

Related Threats

CRITICALRansomware

7 tabletop exercise mistakes that sabotage incident response

Discussion-based, low-stress simulations during which IT, legal, and other key leadership stakeholders walk through theoretical scenarios to test their preparedness for cyber incidents is a popular and highly useful tool. Yet unless tabletop training is properly handled, the results can be misleading and potentially destructive. When your organization’s incident response training consistently fail

9h agoCSO Online

HIGHRansomware

Bombay High Court Issues Injunction Prohibiting Hackers From Publishing Allegedly Hacked HDFC Investor Data

The Bombay High Court granted interim relief to HDFC AMC after a ransomware group called “Morpheus” allegedly stole over 680 GB of sensitive company and investor data. The court barred unidentified hackers from publishing or sharing the information, warning that any leak could lead to identity theft, financial fraud and irreparable harm. The case will... Source

2d agoDataBreaches.net

HIGHRansomware

Bombay High Court Issues Injunction Prohibiting Hackers From Publishing Allegedly Hacked HDFC Investor Data (1)

2d agoDataBreaches.net