Microsoft has disrupted Fox Tempest, a malware-signing-as-a-service operation that enabled cybercriminals to sign malicious software with fake trusted certificates, making it appear legitimate and easier to distribute. The operation abused Microsoft Artifact Signing and supported various ransomware and malware campaigns, based on information published by Security Affairs.Fox Tempest operated a platform called signspace[.]cloud, which allowed threat actors to obtain short-lived Microsoft-issued certificates via Artifact Signing. This service facilitated the signing of malicious files, including Rhysida ransomware, Oyster, Lumma Stealer, and Vidar, helping them bypass security controls. Microsoft seized the group's infrastructure, revoked over 1,000 code-signing certificates, and filed a lawsuit against Fox Tempest and Vanilla Tempest. The service, which charged between $5,000 and $9,000, was linked to threat actors like Vanilla Tempest, Storm-0501, Storm-2561, and Storm-0249, as well as ransomware affiliates behind INC, Qilin, and Akira.Attacks supported by Fox Tempest have targeted sectors including healthcare, education, government, and financial services globally. Microsoft recommends layered defenses to counter these threats.Source: Security Affairs
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
AdwareYou can skip this ad in 5 seconds




