
"Microsoft said it seized Fox Tempest's website, took down hundreds of virtual machines running its operation and blocked access to another site that hosted underlying code used by the group. Microsoft also unsealed a legal case in New York that targeted the group, and named another ransomware gang known as Vanilla Tempest as a co-conspirator."
"Normally, software signing certificates are meant to prove a program is safe upon download and installation. Operations like Fox Tempest are often sought after in the cybercriminal world because they can be paid to bless hackers' malware with a valid-looking signature to help it evade detection."
"Fox Tempest has been operating its malware disguise services since May of last year, Microsoft said. The downstream impact of its operations - which have let other criminal hackers distribute ransomware and other malicious packages - "has resulted in attacks against a broad range of industry sectors, including healthcare, education, government, and financial services" in the U.S., France, India and China, the company said in an assessment of the group."
"Hackers paid thousands of dollars to get their malicious code signed by Fox Tempest, with higher-paying plans receiving priority, the company added. "what's changed is how this activity is marketed, packaged and sold as a service, along with the scale at which it is now used across ransomware campaigns," Microsoft's Digital Crimes Unit assistant general counsel Steven Masada said in a prepared statement."
Microsoft took action against Fox Tempest, a malware-signing-as-a-service provider that used Microsoft code signing tools to evade defenses that verify software integrity. Microsoft seized the group’s website, took down hundreds of virtual machines used in the operation, and blocked access to another site hosting underlying code. Microsoft also unsealed a legal case in New York targeting the group and named Vanilla Tempest as a co-conspirator. Software signing certificates are intended to prove programs are safe, but Fox Tempest sold valid-looking signatures to help malicious code avoid detection. The service has operated since May of the previous year, and its downstream impact included attacks on healthcare, education, government, and financial services in multiple countries. Hackers paid thousands of dollars for signing, with higher-paying plans receiving priority.
Read at Nextgov.com