Microsoft said it disrupted Fox Tempest, a malware-signing-as-a-service operation that abused Microsoft Artifact Signing to create short-lived code-signing certificates for hiding malicious software. The service supported ransomware like Rhysida, Inc, Qilin, and Akira, plus malware such as Lumma Stealer, Oyster, and Vidar, and Microsoft revoked more than one thousand related certificates.
Key points
- Microsoft disrupted Fox Tempest’s malware-signing-as-a-service operation.
- The service abused Microsoft Artifact Signing to generate short-lived code-signing certificates.
- More than one thousand certificates linked to Fox Tempest were revoked.
- The operation supported ransomware families including Rhysida, Inc, Qilin, and Akira.
- Microsoft also seized infrastructure, removed fraudulent accounts, and filed a lawsuit against Fox Tempest and Vanilla Tempest.
Read More: https://www.securityweek.com/microsoft-disrupts-malware-signing-service-run-by-fox-tempest/