Microsoft disrupts 'Fox Tempest' cybercrime operation

Source:The Register

02 — Who / Subject

Microsoft Digital Crimes Unit, Fox Tempest

03 — Where / Locus

United States

04 — When / Temporality

May 20, 2026

Verified: May 20, 2026

05 — Why / Core Summary

"Microsoft seized websites and virtual machines used by the 'Fox Tempest' group to sell fraudulent code-signing certificates. The certificates allowed ransomware gangs to make malware appear as legitimate software. Thousands of machines in the US, including over 12 owned by Microsoft, were impacted."

Conflict Analysis

A major disruption of a supply-chain attack vector where legitimate code-signing services were abused to facilitate ransomware distribution.

Recommended Background Resource

Affiliate / AdAI Curation

Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers

Author: Andy Greenberg

This book provides a deep dive into the sophisticated world of state-sponsored and criminal hacking groups, illustrating how they exploit infrastructure and trust mechanisms, which is essential for understanding the threat landscape involving groups like Fox Tempest.

Explore Background Book (Amazon)

As an Amazon Associate, COMPAMIR earns from qualifying purchases.

Post