Cybercrime service disrupted for abusing Microsoft platform to sign malware
Summary
Microsoft has disrupted a malware-signing-as-a-service operation that exploited its Artifact Signing service to create fraudulent code-signing certificates. These certificates were used by cybercriminals, including ransomware groups, to make their malware appear legitimate. The operation was shut down after Microsoft detected suspicious activity and took action against the abusive accounts.
IFF Assessment
This event is bad for defenders because cybercriminals were able to make their malware appear legitimate, increasing the chances of successful attacks.
Defender Context
This incident highlights the ongoing threat of legitimate infrastructure being abused for malicious purposes. Defenders should be aware of the evolving tactics used to legitimize malware and ensure their detection systems are robust enough to identify threats disguised with fraudulent code-signing certificates.