Microsoft Shuts Down Fox Tempest Malware-Signing Service Tied to Ransomware Gangs
Microsoft announced on May 19, 2026, the dismantling of Fox Tempest, a criminal operation that exploited the company's own Artifact Signing system to issue fraudulent code-signing certificates to malware. The service generated over 1,000 fake certificates and charged cybercriminals between $5,000 and $9,000 per signing, earning millions in revenue. Fox Tempest provided ongoing signing infrastructure to ransomware groups behind families including Qilin, Akira, and INC, enabling their malware to bypass security defenses by appearing as trusted software. Microsoft seized associated websites and shut down hundreds of virtual machines running the service, though previously issued certificates may remain valid until revoked or expired. The operation compromised thousands of systems globally, including at least 12 machines belonging to Microsoft itself, with victims spanning healthcare, critical infrastructure, and enterprise sectors.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in