Microsoft civil action against Fox Tempest infrastructure takedown
Regulatory/Legal Action
Summary
Hide ▲
Show ▼
Microsoft filed a civil action against Fox Tempest in the US District Court for the Southern District of New York, securing a court order that enabled a broad disruption of the group's cybercrime infrastructure. The action moved malicious domains to a Microsoft-owned sinkhole, disabled hundreds of virtual machines, and took down about 1,000 accounts. Microsoft says Fox Tempest sold malware-signing-as-a-service and supported Rhysida ransomware and other malware operations. The case matters because it targets an upstream enabler in the cybercrime supply chain rather than a single downstream attack.
Related Happenings
Operation Endgame takedown of Amadey and StealC infrastructure
Law Enforcement
H score66
First: 24.06.2026 18:02
Last: 24.06.2026 18:02
Sources 1
About this happening:
An **international law-enforcement takedown** under **Operation Endgame** disrupted shared infrastructure used by **Amadey** and **StealC**, with **Microsoft**, **Europol**, and i...
Operation Endgame takedown of Amadey and StealC infrastructure
Law EnforcementAbout this happening: An **international law-enforcement takedown** under **Operation Endgame** disrupted shared infrastructure used by **Amadey** and **StealC**, with **Microsoft**, **Europol**, and i...
Microsoft hit by cyberattack
Incident
H score68
First: 09.06.2026 18:42
Last: 09.06.2026 18:42
Sources 1
About this happening:
A **Microsoft** GitHub repository removal incident in **June 2026** disrupted **continuous integration pipelines** and briefly broke **Azure/functions-action** workflows used by d...
Microsoft hit by cyberattack
IncidentAbout this happening: A **Microsoft** GitHub repository removal incident in **June 2026** disrupted **continuous integration pipelines** and briefly broke **Azure/functions-action** workflows used by d...
Charter Communications hit by network compromise linked to ShinyHunters
Incident
H score70
First: 26.05.2026 22:46
Last: 26.05.2026 22:46
Sources 1
About this happening:
**Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, with the company saying it is **alerting authorities** and that **no sensitive personal...
Charter Communications hit by network compromise linked to ShinyHunters
IncidentAbout this happening: **Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, with the company saying it is **alerting authorities** and that **no sensitive personal...
Latest development: 29.05.2026 11:29
Have I Been Pwned analyzed leaked Charter Communications data and confirmed that the incident affected 4.9 million accounts, with exposed records including names, email addresses, job titles, phone numbers, and physical addresses. The published data also included a subset of about 85,000 records from an internal employee directory.
Fox Tempest's malware-signing service scales trusted-signed malware for ransomware gangs
Threat Actor Meta
H score26
First: 20.05.2026 00:47
Last: 20.05.2026 00:47
Sources 1
About this happening:
Microsoft disrupted **Fox Tempest**'s **malware-signing service** in **May 2026**, cutting off a criminal platform that helped ransomware gangs and other cybercriminals obtain tru...
Fox Tempest's malware-signing service scales trusted-signed malware for ransomware gangs
Threat Actor MetaAbout this happening: Microsoft disrupted **Fox Tempest**'s **malware-signing service** in **May 2026**, cutting off a criminal platform that helped ransomware gangs and other cybercriminals obtain tru...
MuddyWater Microsoft Teams social-engineering campaign with Chaos ransomware decoy
Campaign
H score37
First: 06.05.2026 16:02
Last: 06.05.2026 16:02
Sources 1
About this happening:
The **MuddyWater** campaign used **Microsoft Teams** social engineering and a **Chaos ransomware** decoy to gain access, steal credentials, and establish persistence. The operatio...
MuddyWater Microsoft Teams social-engineering campaign with Chaos ransomware decoy
CampaignAbout this happening: The **MuddyWater** campaign used **Microsoft Teams** social engineering and a **Chaos ransomware** decoy to gain access, steal credentials, and establish persistence. The operatio...
Timeline
-
19.05.2026 18:00 1 articles · 1mo ago
Microsoft files civil action against Fox Tempest
Legal Policy Action UpdateMicrosoft files a civil action against Fox Tempest in the US District Court for the Southern District of New York, starting a court-backed effort against a malware-signing-as-a-service operator linked to Rhysida ransomware support and other malware enablement.
Show sources
- Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool — www.infosecurity-magazine.com — 19.05.2026 18:00
-
19.05.2026 18:00 1 articles · 1mo ago
Court order enables Fox Tempest infrastructure takedown
Mitigation Patch UpdateThree days after the filing, a court order enables Microsoft to move Fox Tempest's malicious domains to a Microsoft-owned sinkhole, disable hundreds of Cloudzy-hosted virtual machines with provider help, take down about 1,000 accounts, and suspend the threat actor's repository.
Show sources
- Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool — www.infosecurity-magazine.com — 19.05.2026 18:00
-
19.05.2026 18:00 2 articles · 1mo ago
Microsoft publicly unseals Fox Tempest case and disruption details
Initial DisclosureMicrosoft publicly unseals the Fox Tempest case on May 19, 2026 and says its Digital Crimes Unit used undercover personas, identified the group's infrastructure, worked with hosting providers, and coordinated with the FBI and Europol's European Cybercrime Centre (EC3) to identify the people behind the group.
Show sources
- Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool — www.infosecurity-magazine.com — 19.05.2026 18:00
- Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool — www.infosecurity-magazine.com — 19.05.2026 18:00