
"Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world."
"'To disrupt the service, we seized Fox Tempest's website signspace[.]cloud, took offline hundreds of the virtual machines running the operation, and blocked access to a site hosting the underlying code,' Steven Masada, assistant general counsel at Microsoft's Digital Crimes Unit, said."
"Fox Tempest is said to have leveraged this mechanism to generate short-lived, fraudulent code-signing certificates and use them to deliver trusted, signed malware and slip past security controls. The certificates were valid for only 72 hours."
"Microsoft noted that the operation enabled the deployment of Rhysida ransomware by threat actors such as Vanilla Tempest, along with other malware families like Oyster, Lumma Stealer, and Vidar, illustrating the crucial role played by Fox Tempest within the cybercrime ecosystem."
Microsoft disrupted a malware-signing-as-a-service operation that weaponized Microsoft Artifact Signing to deliver malicious code and conduct ransomware and other attacks. The activity was attributed to a threat actor named Fox Tempest, active since May 2025. The disruption effort, codenamed OpFauxSign, involved seizing the signspace[.]cloud website, taking offline hundreds of virtual machines, and blocking access to a site hosting underlying code. The operation enabled deployment of Rhysida ransomware and other malware families including Oyster, Lumma Stealer, and Vidar. Connections were also found to affiliates tied to ransomware strains such as INC, Qilin, BlackByte, and Akira, targeting healthcare, education, government, and financial services across multiple countries. Fox Tempest used short-lived fraudulent code-signing certificates valid for 72 hours to deliver trusted signed malware and bypass security controls.
#malware-signing-as-a-service #artifact-signing #ransomware #code-signing-certificates #cybercrime-disruption
Read at The Hacker News