Skip to content
The Nexus
DossierENTITY

Fox Tempest

Coverage of Fox Tempest in the Nexus archive.

Earliest in view: May 19 · 15:00 UTCMost recent: May 20 · 14:36 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 20 · 14:36 UTCTHE HACKER NEWS
    Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

    Microsoft disrupted a malware-signing-as-a-service operation that delivered malicious code and conducted ransomware attacks, compromising thousands of machines worldwide. The operation was attributed to Fox Tempest, a threat actor that offered the MSaaS scheme. Microsoft's action aimed to prevent further attacks.

  • SECURITYMay 19 · 21:56 UTCTHE REGISTER
    Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware

    Microsoft shut down an illegal code-signing operation used by ransomware criminals to mask their malware, seizing websites and taking down hundreds of virtual machines running the service. The operation, called Fox Tempest, abused Microsoft's Artifact Signing code-signing service, selling code-signing certificates to other criminals for thousands of dollars. This allowed ransomware groups to make their malware appear legitimate to Windows and users.

  • SECURITYMay 19 · 16:36 UTCRECORDED FUTURE NEWS
    Microsoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangs

    Microsoft disrupted Fox Tempest, a malware-signing-as-a-service platform tied to ransomware gangs, by unsealing a legal case in U.S. District Court. The platform has operated since May 2025 and provides cybercriminals with code signing tools. This disruption is a significant blow to ransomware gangs.

  • SECURITYMay 19 · 15:00 UTCCYBERSCOOP
    Microsoft disrupts cybercrime service that abused software verification systems en masse

    Microsoft disrupted a cybercrime service called Fox Tempest that created and sold code-signing certificates to make malware appear legitimate. The service was used by multiple ransomware groups and had a global impact. Microsoft seized infrastructure and dismantled the operation after tracking it since September 2025.