Microsoft has disrupted the infrastructure powering the largest malware code-signing service used to help ransomware groups and other cybercriminals make malicious programs harder to detect on Windows. The threat actors behind the service used stolen identities and impersonated legitimate organizations to obtain more than 1,000 code-signing certificates.
Microsoft seized the group’s website, signspace[.]cloud, revoked the abused certificates, which were obtained through its Artifact Signing service, and took offline hundreds of virtual machines set up by the attackers on Azure. Cybercriminals paid between $5,000 and $9,000 to use the malware signing as a service (MSaaS), highlighting its eff...