Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign

Microsoft has revoked certificates from hundreds of accounts to disrupt ransomware groups.

Microsoft revoked over 200 code-signing certificates that were fraudulently obtained and used in a ransomware campaign. The attackers, linked to the Vanilla Tempest group, distributed malicious Microsoft Teams installers to deploy the Oyster backdoor. This backdoor was later used to deliver Rhysida ransomware. Microsoft’s action aimed to disrupt the campaign and prevent further abuse of its signing infrastructure.

Read more:

https://www.securityweek.com/microsoft-revokes-over-200-certificates-to-disrupt-ransomware-campaign/