Microsoft takes down 'Fox Tempest' cybercrime service which used legitimate platforms to hide dangerous malware
Date:
Wed, 20 May 2026 16:30:00 +0000
Description:
Fox Tempest created more than a thousand fake certificates, helping
distribute Lumma, Vidar, and countless other malware.
FULL STORY ======================================================================
Microsoft disrupts Fox Tempest operation which abused Azure Artifact Signing to issue fraudulent code-signing certificates.
The group created over 1,000 certificates and hundreds of Azure tenants, enabling malware campaigns to bypass security controls.
Legal action was launched against Fox Tempest and Vanilla Tempest, whose services supported major malware and ransomware distribution.

Microsoft has taken down a malicious service that offered digitally signed certificates to hackers, and has launched a legal case against the operation's perpetrators.
In its report, the company said a threat actor known as Fox Tempest used Azure Artifact Signing to create temporary certificates. These certificates allowed malware to be signed as legitimate software, bypassing antivirus protections and compromising victim devices. To access the service, the miscreants allegedly used different identities, stolen from people in the United States and Canada. To minimize the chances of being spotted, they created certificates that were valid for only 72 hours. Over the course of their work, however, the attackers created more than 1,000 certificates, as well as hundreds of Azure tenants and subscriptions.

High-profile customers

"Fox Tempest has created over a thousand certificates and established hundreds of Azure tenants and subscriptions to support its operations. Microsoft has revoked over one thousand code signing certificates attributed to Fox Tempest," Microsoft said in the report.
"In May 2026, Microsoft's Digital Crimes Unit (DCU), with support from industry partners, disrupted Fox Tempest's MSaaS offering, targeting the infrastructure and access model that enables its broader criminal use."
As part of the takedown effort, Microsoft seized the signspace[dot]com
domain, as well as hundreds of virtual machines. It also blocked access to infrastructure that hosted the entire service.
BleepingComputer notes that some of the biggest malware and ransomware campaigns used Fox Tempest's services, including LummaStealer, Vidar, Qilin, BlackByte, and Akira. Vanilla Tempest was also named as a co-conspirator in the legal action, since it allegedly distributed both malware and ransomware.
Some of the fake apps being distributed this way included Teams, AnyDesk, and Webex.
"When unsuspecting victims executed the falsely named Microsoft Teams installer files, those files delivered a malicious loader, which in turn installed the fraudulently signed Oyster malware and ultimately deployed Rhysida ransomware," Microsoft explained.
"Because the Oyster malware was signed by a certificate from Microsoft's Artifact Signing service, the Windows operating system initially recognized the malware as legitimate software, when it would otherwise be flagged as suspicious or blocked entirely by security controls in the Windows operating system."
======================================================================
Link to news story:
https://www.techradar.com/pro/security/microsoft-takes-down-fox-tempest-cybercrime-service-which-used-legitimate-platforms-to-hide-dangerous-malware
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)