Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs
ID: 0009ee21-bca0-5f1b-8bc6-25bd75d1b9d2
STIX ID: report--0009ee21-bca0-5f1b-8bc6-25bd75d1b9d2
Feed Name: TechRepublic Security
Microsoft disrupted Fox Tempest, a commercial malware-signing-as-a-service operation that abused Azure Artifact Signing to issue fraudulent short-lived code-signing certificates and sign malware (including Oyster, Lumma Stealer, and Vidar) used by multiple ransomware groups (Rhysida, Akira, INC, Qilin, BlackByte). The service provided hosted signing infrastructure, accepted uploaded malware, and was monetized publicly, demonstrating large-scale criminal organization. Organizations are advised to strengthen identity verification, certificate monitoring, allowlisting, and infrastructure segmentation to mitigate trusted-signature abuse.
