Cybersecurity firm Resecurity helped bring down a criminal operation that sold hackers a way to make malware look like legitimate software, with investigators linking it to multiple criminal operations.
Resecurity collaborated with Microsoft’s Digital Crimes Unit to investigate Fox Tempest, a for-hire service that issued fake digital certificates to cybercriminals, letting them cloak malicious files as trusted software and slip past security tools.
On May 19, Microsoft unsealed a legal order in the US District Court for the Southern District of New York. As part of the disruption, it seized the group’s website, shut down hundreds of virtual machines, and revoked more than 1,000 fraudulent certificates the service had sold to attackers.
Fox Tempest ran what researchers call a “malware-signing-as-a-service” operation, abusing Microsoft’s code-signing infrastructure to make malware appear trusted.
Microsoft linked the service to attacks tied to Rhysida, Akira, Qilin, Lumma Stealer, and at least half a dozen other criminal operations.
The FBI and Europol’s European Cybercrime Centre also coordinated on the takedown.

The case reflects a broader shift in how cybercrime operates: attackers increasingly outsource specialized capabilities to commercial services that lower the barriers to launching sophisticated attacks.
Fox Tempest was one such service: an enabler sitting upstream of ransomware and malware operations that relied on it to improve the effectiveness of their campaigns.
Dismantling that infrastructure matters beyond the immediate takedown.
When fraudulent code-signing ecosystems are degraded, ransomware operators lose a key tool for evading detection, attacks become harder to scale, and defenders get more opportunity to stop threats before they reach victims.
