Microsoft disrupts cybercrime service that abused software verification systems en masse

Microsoft dismantled Fox Tempest, a cybercrime service that fabricated identities to abuse Microsoft’s Artifact Signing system and sold more than 1,000 fraudulent code-signing certificates to ransomware and malware operators (including groups like Rhysida and others). The service enabled malicious software to appear trusted—facilitating distribution via SEO poisoning, malicious ads, and direct deployment—and affected sectors globally (notably the US, France, India, and China). Microsoft seized infrastructure, deleted accounts, and took virtual machines and hosting sites offline to disrupt the operation and raise costs for attackers.