Microsoft's Digital Crimes Unit disrupted a significant cybercrime operation known as "Fox Tempest," which provided malware-signing-as-a-service (MSaaS) to other cybercriminals. The service let actors generate short-lived fraudulent digital certificates, so that signed malware appeared legitimate and evaded security measures. The group operated under a sophisticated pricing model, offering various packages for signing malware, ranging from $5,000 to $9,000 USD.
The group created Azure tenants for certificate generation using stolen identities it had registered. The operation supported the deployment of ransomware and other malware, notably enabling the Rhysida ransomware attacks. Microsoft's intervention led to the revocation of over one thousand fraudulent certificates, significantly impacting the ransomware ecosystem.