Security 20 May 2026 / 0 Comments

Microsoft Disrupts Fox Tempest: What the Malware-Signing Takedown Means for Health Care IT

On May 19, Microsoft's Digital Crimes Unit (DCU) disrupted Fox Tempest, a financially motivated threat actor that for roughly a year had been operating a malware-signing-as-a-service (MSaaS) platform out of the domain signspace[.]cloud. The service let other cybercriminals upload malware and receive back binaries signed with legitimate, Microsoft-issued certificates obtained through abuse of the Artifact Signing platform (formerly known as Azure Trusted Signing). Microsoft revoked more than 1,000 fraudulent certificates tied to the operation, took offline hundreds of virtual machines hosting the signing infrastructure, and seized the signspace[.]cloud domain through a civil action filed in the U.S. District Court for the Southern District of New York, codenamed OpFauxSign.

The reason this matters for health care IT is straightforward. Signed malware bypasses a long list of default trust decisions made by Windows, Microsoft Defender, third-party EDR products, and email and web gateways. When Microsoft Threat Intelligence walked through the customer list, the names that emerged read like a who's-who of ransomware operations that have made hospitals and clinics primary targets. Vanilla Tempest, Storm-0501, Storm-2561, Storm-0249, and affiliates tied to INC, Qilin, Akira, BlackByte, and Rhysida all used Fox Tempest-signed binaries in active intrusions. Microsoft confirmed downstream attacks linked to Fox Tempest hit organizations across health care, education, government, and financial services, with impact spanning the United States, France, India, and China.

This is the part of the cybercrime supply chain that most practitioners never see directly. Fox Tempest does not run intrusions, does not deploy ransomware, and does not touch ePHI. It sells a tool that makes everyone else's attacks more effective. Understanding what the service did, why it worked, and what the disruption does (and does not) change is worth a closer look for anyone responsible for defending a health care environment.

What Fox Tempest Actually Did

Microsoft Artifact Signing is a cloud-based service that lets legitimate software developers sign their code with certificates issued by a Microsoft-operated certificate authority. As a security feature, those certificates are intentionally short-lived (valid for just 72 hours), which limits the blast radius if any single certificate is misused. To get a certificate, the requestor has to pass identity validation processes in line with industry verifiable credentials standards. In theory, that gatekeeping is what keeps the system honest.

Fox Tempest broke that model by using stolen or synthetic identities, very likely based in the United States and Canada, to pass identity validation and obtain certificates in bulk. The actor stood up hundreds of Azure tenants and subscriptions to support the operation. Then, through a customer portal at signspace[.]cloud, it sold the ability to upload malicious files and receive back signed binaries. Pricing tiers documented in court filings ran from $5,000 to $9,000 in Bitcoin, with higher tiers buying priority in the signing queue. Marketing happened on a Telegram channel called "EV Certs for Sale by SamCodeSign." Microsoft worked with a cooperating source to anonymously purchase the service in February and March 2026, which is part of how it built out the evidence used in the SDNY filing.

In February 2026, the operation shifted from a web portal to a pre-configured virtual machine model running on the US-based VPS provider Cloudzy. Customers got remote desktop access to a VM containing a metadata file pointing at the signing endpoint, a PowerShell script that performed the signing, and a sample signed file to demonstrate the workflow. This change reduced friction for customers and gave Fox Tempest better operational security.

What came out of that pipeline was the part health care IT actually has to deal with. Microsoft documented signed binaries impersonating Microsoft Teams, AnyDesk, PuTTY, and Cisco Webex, distributed primarily through legitimate purchased advertisements, malvertising, and SEO poisoning. A user searching for "Microsoft Teams download" could end up on an attacker-controlled page that looked legitimate, downloading an MSTeamsSetup.exe file that was, in fact, signed with a Microsoft-issued certificate. Execution dropped the Oyster backdoor (also called Broomstick), which established command-and-control communications, collected host information, and in some cases led to Rhysida ransomware deployment within the victim environment.

Why This Matters for Health Care Specifically

The ransomware operators sitting on the customer side of Fox Tempest's service have a documented history with the health care sector. Rhysida, in particular, has been the subject of HHS Health Sector Cybersecurity Coordination Center alerts and has been linked to attacks on Prospect Medical Holdings (which disrupted 16 hospitals and over 160 clinics in 2023), Ann & Robert H. Lurie Children's Hospital of Chicago, and a long list of mental health, addiction treatment, nursing home, and specialty practice victims. The American Hospital Association issued its own threat advisory on Rhysida in 2023 and has continued to warn members about the group. Vanilla Tempest, the Microsoft-tracked threat actor that operates Rhysida and was named as a co-conspirator in the OpFauxSign filing, used Fox Tempest's service as early as June 2025.

For an IT team running a typical health care environment, signed malware is a problem for several specific reasons.

Windows trusts signed binaries by default. SmartScreen, Mark of the Web checks, and a portion of Microsoft Defender's reputation heuristics give preferential treatment to signed code from a recognized publisher. A legitimate-looking signature does not automatically run a payload, but it removes friction at every step of the user experience and reduces the likelihood that an EDR will flag the file as suspicious on first execution.

Many clinical applications and medical device integration components run as signed executables already. In environments where vendors push their own signed installers and updates, users and admins are conditioned to trust the presence of a publisher signature as a meaningful security indicator. That conditioning is exactly what Fox Tempest's customers were exploiting.

The medical device side of this deserves attention. Many devices run aging Windows variants, have update mechanisms that pull signed binaries from vendor infrastructure, and operate under support contracts that restrict what endpoint controls IT teams can apply. A compromise of a vendor-side update channel that delivered a signed-but-malicious binary (a supply chain attack) would be a worst-case scenario for biomedical IT, and the Fox Tempest disclosure underscores how viable that vector has become. This is not a problem most IT teams can solve unilaterally, but it is one worth raising directly with biomedical engineering counterparts and device vendors during contract renewals and security reviews.

Smaller health care organizations often run lean security tooling. A Critical Access Hospital with a one-person IT department may not have Microsoft Defender for Endpoint at full P2 licensing, may not have a SIEM ingesting endpoint telemetry, and may not have application control policies in place. When the only thing standing between a malvertised "Teams installer" and the local administrator account is a user's judgment and a default Windows trust decision, signed malware tilts the odds in the attacker's favor.

The HIPAA Angle, Without Overstating It

There is no specific HIPAA citation that says "thou shalt validate code signatures." But the broader Security Rule framework does speak directly to the problem.

Under 45 CFR 164.306(a)(2), covered entities and business associates must "protect against any reasonably anticipated threats or hazards to the security or integrity of" electronic protected health information. Ransomware delivered through trusted, signed binaries is a reasonably anticipated threat at this point. It has been documented in OCR breach reports, HHS HC3 alerts, and now in Microsoft's federal court filing. An organization that does its risk analysis under 45 CFR 164.308(a)(1)(ii)(A) without accounting for ransomware delivery vectors that bypass signature-based controls is going to have a hard time defending that analysis after an incident.

The most directly applicable specification is 45 CFR 164.308(a)(5)(ii)(B), Protection from Malicious Software, which sits inside the Security Awareness and Training standard. It is an Addressable specification, which is important to clarify. Addressable does not mean optional. It means the covered entity or business associate must either implement the specification or document why an equivalent alternative is in place. HHS has proposed rule changes that would likely eliminate the Addressable designation entirely and make all current implementation specifications Required, though as of this writing those proposed changes have not been finalized. Regardless of designation, anti-malware procedures that rely entirely on signature trust are not a defensible answer in 2026.

Audit controls under 45 CFR 164.312(b) and information system activity review under 45 CFR 164.308(a)(1)(ii)(D) also become more important when the initial detection layer is compromised. If your endpoint product missed a signed Oyster backdoor on day one, the controls that catch the lateral movement, credential dumping, and ransomware staging that follow are what stand between you and a reportable breach.

This article is not legal or compliance advice, and the way these citations apply to a specific organization is something that organization's compliance counsel and security officer should work out. But the regulatory framework is there, and it is not silent on the topic.

What Health Care IT Should Actually Do

Most of the practical guidance here is not novel. What changes is the urgency around layered defenses, because the trust signal on a signed binary is no longer reliable evidence of legitimacy.

On the endpoint side, the basics matter. Cloud-delivered protection and Block at First Sight in Microsoft Defender Antivirus should be on. Tamper Protection should be enabled tenant-wide and not turned off in the name of convenience. Microsoft Defender SmartScreen should be enforced through browser policy. Attack surface reduction (ASR) rules deserve specific attention; the "Use advanced protection against ransomware" rule, the rule that blocks executables from running unless they meet a prevalence, age, or trusted list criterion, and the rule blocking executable content from email clients and webmail can all reduce the impact of a successful initial download.

Application control raises the bar substantially. AppLocker remains a viable option for organizations that cannot implement full Windows Defender Application Control (WDAC), and policies can be deployed through Group Policy on Active Directory-joined endpoints, distributed through Configuration Manager (ConfigMgr) compliance baselines, or pushed through Intune for cloud-managed devices. Most health care environments will run a mix of these. Allowlisting the specific publishers and paths that your clinical applications and core productivity tools come from, even in audit-only mode at first, will surface a lot of unauthorized code execution that signature trust currently lets through.

On the network side, egress filtering matters. Oyster and the other loader families distributed through Fox Tempest's service rely on outbound command-and-control communications to function. Restricting outbound traffic from clinical workstations and back-office endpoints to known-good destinations, and inspecting what is left, is one of the highest-leverage defensive changes available to a small IT team. This is not zero trust networking in the marketing sense. It is just network segmentation and egress control, which the HIPAA Security Rule has been hinting at for over two decades.

User-facing controls still earn their keep. Users searching for downloads should be directed to internal software libraries (whether that is a Configuration Manager Software Center, an Intune Company Portal, or a curated SharePoint page) rather than search engines. Phishing-resistant MFA on email and remote access reduces the value of credentials harvested by infostealers like Lumma and Vidar, which were also signed through this service.

For logging, enable Microsoft Defender for Endpoint advanced hunting if you have it, or at minimum get Sysmon and a Windows Event Forwarding pipeline pushing Process Creation (Event ID 4688) data into your SIEM. Microsoft published indicators of compromise for Fox Tempest activity, including SHA-1 certificate fingerprints and file hashes, and the threat analytics reports inside Microsoft Defender XDR include the Fox Tempest and Vanilla Tempest actor profiles for customers with that licensing.

A Realistic Read on the Disruption

OpFauxSign is a meaningful action, not a permanent solution. Microsoft seized the signspace[.]cloud domain, revoked over a thousand certificates, partnered with Cloudzy to take down VM infrastructure, coordinated with the FBI and Europol's European Cybercrime Centre, and filed a civil action that names a known ransomware operator as a co-conspirator. That all raises the cost of doing this kind of business. But the underlying technique (using stolen identities to obtain legitimately issued code-signing certificates from a trusted provider) is not specific to Microsoft, not specific to Artifact Signing, and not specific to Fox Tempest.

Microsoft's own DCU has already noted that Fox Tempest adapted its tradecraft repeatedly throughout 2025 as countermeasures rolled out, and attempted to shift to a different code-signing service before the takedown. Expect the same playbook to resurface, probably on a different provider, probably with a different storefront, probably within the next few quarters.

The defensive posture that protects health care organizations from this round of activity is the same posture that will help with the next round. Stop relying on signature trust as a meaningful security control. Layer defenses so that a single bypass at the file trust layer does not result in domain-wide ransomware deployment. And put the relevant regulatory citations into your risk analysis and policies before you have to explain them in an OCR investigation.

Sources

Microsoft Security Blog, "Exposing Fox Tempest: A malware-signing service operation," May 19, 2026. https://www.microsoft.com/en-us/security/blog/2026/05/19/exposing-fox-tempest-a-malware-signing-service-operation/

Microsoft On the Issues, "Disrupting Fox Tempest: A cybercrime service that turned 'verified' software into a pathway for ransomware," May 19, 2026. https://blogs.microsoft.com/on-the-issues/2026/05/19/disrupting-fox-tempest-a-cybercrime-service/

BleepingComputer, "Cybercrime service disrupted for abusing Microsoft platform to sign malware," May 19, 2026. https://www.bleepingcomputer.com/news/security/cybercrime-service-disrupted-for-abusing-microsoft-platform-to-sign-malware/

The Hacker News, "Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks," May 19, 2026. https://thehackernews.com/2026/05/microsoft-takes-down-malware-signing.html

The Register, "Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware," May 19, 2026. https://www.theregister.com/security/2026/05/19/microsoft-disrupts-alleged-malware-signing-operation-used-by-ransomware-gangs/

Cybersecurity Dive, "Microsoft disrupts cybercrime operation that hid behind legitimate software," May 20, 2026. https://www.cybersecuritydive.com/news/microsoft-disrupts-cybercrime-hid-legitimate-software/820724/

HHS HC3 Sector Alert, "Rhysida Ransomware," August 4, 2023. https://www.hhs.gov/sites/default/files/rhysida-ransomware-sector-alert-tlpclear.pdf

American Hospital Association, "New Ransomware Threat: Rhysida Group Targets Hospitals," November 15, 2023. https://www.aha.org/advisory/2023-11-15-new-ransomware-threat-rhysida-group-targets-hospitals-puts-patient-safety-risk

45 CFR Part 164, Subpart C - Security Standards for the Protection of Electronic Protected Health Information. https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164

This article is for informational purposes only and does not constitute legal or compliance advice. Covered entities and business associates should consult qualified legal counsel or compliance professionals before making decisions pertaining to HIPAA or IT infrastructure.

Fox Tempest
malware-signing-as-a-service
code signing
Microsoft Artifact Signing
Rhysida ransomware
Vanilla Tempest
ENDPOINT SECURITY
Microsoft Defender
application control
ransomware health care

About the Author

Health Tech Authority Editorial Team

Health Tech Authority is an independent publication covering the technology side of health care organizations. We exist for the people in the mix - the systems administrators keeping servers online at 2 AM, the network engineers segmenting clinical VLANs on a shoestring budget, the security officers trying to hold the HIPAA line with half the resources a comparably sized non-health care organization would have, and the IT managers and administrators making technology decisions that directly affect patient care.

Content published under this account represents collaborative editorial work produced by the Health Tech Authority team. That includes original reporting, technical analysis, regulatory coverage, and practitioner-focused guidance across our core coverage areas: infrastructure and systems administration, networking, security and compliance, cloud and Microsoft 365 administration, clinical systems and health data, and the broader technology landscape serving health care organizations.

We cover what health care IT professionals actually need to know, written in a way that respects both their time and their intelligence. No fluff, no vendor press release rewrites, no thought leadership buzzword soup - just straightforward coverage of the systems, tools, and decisions that keep health care organizations running.

If you have a topic suggestion, a correction, or want to contribute, reach out through the Contact page.