Malware

Microsoft disrupts Fox Tempest malware-signing service

Laptop screen showing malware warning sign with digital circuit background on desk in modern office environment with natural light and creative concept.

Microsoft has disrupted Fox Tempest, a malware-signing-as-a-service operation that enabled cybercriminals to sign malicious software with fake trusted certificates, making it appear legitimate and easier to distribute. The operation abused Microsoft Artifact Signing and supported various ransomware and malware campaigns, based on information published by Security Affairs.

Fox Tempest operated a platform called signspace[.]cloud, which allowed threat actors to obtain short-lived Microsoft-issued certificates via Artifact Signing. This service facilitated the signing of malicious files, including Rhysida ransomware, Oyster, Lumma Stealer, and Vidar, helping them bypass security controls. Microsoft seized the group's infrastructure, revoked over 1,000 code-signing certificates, and filed a lawsuit against Fox Tempest and Vanilla Tempest. The service, which charged between $5,000 and $9,000, was linked to threat actors like Vanilla Tempest, Storm-0501, Storm-2561, and Storm-0249, as well as ransomware affiliates behind INC, Qilin, and Akira.

Attacks supported by Fox Tempest have targeted sectors including healthcare, education, government, and financial services globally. Microsoft recommends layered defenses to counter these threats.

Source: Security Affairs

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds