Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks.
\nThe certificates were “used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware,” the Microsoft Threat Intelligence team said in a post shared on X.
\nThe tech<\/p>","protected":false},"excerpt":{"rendered":"
Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The…<\/p>\n","protected":false},"author":1,"featured_media":2125,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"saved_in_kubio":false,"footnotes":""},"class_list":["post-2124","page","type-page","status-publish","has-post-thumbnail","hentry"],"kubio_ai_page_context":{"short_desc":"","purpose":"general"},"_links":{"self":[{"href":"https:\/\/infosec-daily.com\/index.php?rest_route=\/wp\/v2\/pages\/2124","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec-daily.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/infosec-daily.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/infosec-daily.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec-daily.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2124"}],"version-history":[{"count":0,"href":"https:\/\/infosec-daily.com\/index.php?rest_route=\/wp\/v2\/pages\/2124\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/infosec-daily.com\/index.php?rest_route=\/wp\/v2\/media\/2125"}],"wp:attachment":[{"href":"https:\/\/infosec-daily.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}