Tag: fox tempest
5 articles

Microsoft Disrupts Malware-Signing Service Used in Ransomware Attacks
Microsoft swooped in to shut down a notorious malware-signing service, seizing the website signspace.cloud and taking down hundreds of virtual machines used to fuel ransomware attacks. This bold move, dubbed OpFauxSign, crippled a key operation run by the threat actor Fox Tempest, which had been using Microsoft's own system against them since May 2025.

Microsoft Disrupts Cybercrime Service Selling Code-Signing Certificates to Ransomware Gangs
Microsoft has disrupted a notorious cybercrime operation, dubbed Fox Tempest, that sold code-signing certificates to ransomware gangs, allowing them to disguise malware as legitimate Windows software. The operation, which created over 580 fake Microsoft accounts, has been linked to two individuals, John Doe 1 and John Doe 2, who allegedly traded in real, Microsoft-issued code-signing credentials.

Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs
Microsoft cracked down on a notorious malware-signing service used by ransomware gangs, disrupting the operations of Fox Tempest, a financially motivated group that generated millions of dollars in profits by selling trust to cybercriminals. The group had created over 1,000 code-signing certificates and hundreds of Azure tenants to support its industrial-scale scheme.

Microsoft Disrupts Malware Signing Service Used by Ransomware Groups
Microsoft cracked down on a sophisticated malware signing service run by a group called Fox Tempest, which helped ransomware gangs disguise their malicious programs as legitimate software. This service was like a master forgery operation, creating counterfeit digital signatures that even experts struggled to spot.

Microsoft Disrupts Fox Tempest's Ransomware-Enabling Code-Signing Service
Microsoft's Digital Crimes Unit has successfully disrupted a notorious code-signing service used by cybercriminals, including the group behind Fox Tempest, to create fake IDs and gain easy access to systems. This operation has effectively shut down a key tool used by hackers to spread ransomware and malware.