
Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool

ID: 3023eeef-890b-5086-95b7-cdf1c394e341

STIX ID: report--3023eeef-890b-5086-95b7-cdf1c394e341

Feed Name: Infosecurity Magazine (News)

Threat Score: 78/100

Date Published: 2026-05-19

Date Updated: 2026-05-19


Microsoft’s Digital Crimes Unit exposed and disrupted Fox Tempest, a criminal group running a "malware-signing-as-a-service" operation that fraudulently signed malware and enabled ransomware and infostealer campaigns (including Rhysida/Vanilla Tempest and strains like Lumma Stealer, Vidar and Oyster). The report describes the group’s abuse of legitimate code-signing systems, the global scope of affected hosts, and coordinated takedown actions with providers and law enforcement that disabled infrastructure, sinkholed domains, and reduced illicit certificate issuance.
