#rhysida — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #rhysida, aggregated by home.social.
-
Exposing Fox Tempest: A malware-signing service operation
Fox Tempest is a financially motivated threat actor operating a malware-signing-as-a-service (MSaaS) business used by cybercriminals to distribute malicious code, including ransomware. The actor abuses Microsoft Artifact Signing to generate fraudulent code-signing certificates, allowing malware to evade security controls. Fox Tempest created over a thousand certificates and established hundreds of Azure tenants to support operations. Microsoft revoked over one thousand certificates and disrupted the service in May 2026 through the Digital Crimes Unit. The operation enabled ransomware deployment including Rhysida by threat actors like Vanilla Tempest, and distributed malware families including Oyster, Lumma Stealer, and Vidar. The MSaaS was available through signspace[.]cloud, charging between $5000-$9000 USD. Attacks impacted healthcare, education, government, and financial services sectors globally.
Pulse ID: 6a0ca3690196d40952527b96
Pulse Link: https://otx.alienvault.com/pulse/6a0ca3690196d40952527b96
Pulse Author: AlienVault
Created: 2026-05-19 17:52:41Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Azure #Cloud #CyberSecurity #Education #Government #Healthcare #InfoSec #LummaStealer #Malware #Microsoft #OTX #OpenThreatExchange #RAT #RansomWare #Rhysida #Vidar #bot #AlienVault
-
Exposing Fox Tempest: A malware-signing service operation
Fox Tempest is a financially motivated threat actor operating a malware-signing-as-a-service (MSaaS) business used by cybercriminals to distribute malicious code, including ransomware. The actor abuses Microsoft Artifact Signing to generate fraudulent code-signing certificates, allowing malware to evade security controls. Fox Tempest created over a thousand certificates and established hundreds of Azure tenants to support operations. Microsoft revoked over one thousand certificates and disrupted the service in May 2026 through the Digital Crimes Unit. The operation enabled ransomware deployment including Rhysida by threat actors like Vanilla Tempest, and distributed malware families including Oyster, Lumma Stealer, and Vidar. The MSaaS was available through signspace[.]cloud, charging between $5000-$9000 USD. Attacks impacted healthcare, education, government, and financial services sectors globally.
Pulse ID: 6a0ca3690196d40952527b96
Pulse Link: https://otx.alienvault.com/pulse/6a0ca3690196d40952527b96
Pulse Author: AlienVault
Created: 2026-05-19 17:52:41Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Azure #Cloud #CyberSecurity #Education #Government #Healthcare #InfoSec #LummaStealer #Malware #Microsoft #OTX #OpenThreatExchange #RAT #RansomWare #Rhysida #Vidar #bot #AlienVault
-
[RHYSIDA] - Ransomware Victim: Landeshauptstadt Stuttgart - https://www.redpacketsecurity.com/rhysida-ransomware-victim-landeshauptstadt-stuttgart/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
[RHYSIDA] - Ransomware Victim: Tower View Primary School - https://www.redpacketsecurity.com/rhysida-ransomware-victim-tower-view-primary-school/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
[RHYSIDA] - Ransomware Victim: Tower View Primary School - https://www.redpacketsecurity.com/rhysida-ransomware-victim-tower-view-primary-school/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
[RHYSIDA] - Ransomware Victim: Tower View Primary School - https://www.redpacketsecurity.com/rhysida-ransomware-victim-tower-view-primary-school/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
[RHYSIDA] - Ransomware Victim: Tower View Primary School - https://www.redpacketsecurity.com/rhysida-ransomware-victim-tower-view-primary-school/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
[RHYSIDA] - Ransomware Victim: Tower View Primary School - https://www.redpacketsecurity.com/rhysida-ransomware-victim-tower-view-primary-school/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
New post from #Rhysida : Tower View Primary School
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
New post from #Rhysida : Tower View Primary School
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
New post from #Rhysida : Tower View Primary School
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
New post from #Rhysida : Tower View Primary School
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
New post from #Rhysida : Tower View Primary School
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
@verisizintisi there's nothing in that post that indicates a Rhysida claim. #Rhysida #CherryHealth #DataBreach @PogoWasRight
-
@verisizintisi there's nothing in that post that indicates a Rhysida claim. #Rhysida #CherryHealth #DataBreach @PogoWasRight
-
New post from #Rhysida : Stelia North America
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
New post from #Rhysida : Stelia North America
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
New post from #Rhysida : Stelia North America
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
New post from #Rhysida : Stelia North America
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
New post from #Rhysida : Stelia North America
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
[RHYSIDA] - Ransomware Victim: Stelia North America - https://www.redpacketsecurity.com/rhysida-ransomware-victim-stelia-north-america/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
[RHYSIDA] - Ransomware Victim: Stelia North America - https://www.redpacketsecurity.com/rhysida-ransomware-victim-stelia-north-america/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
[RHYSIDA] - Ransomware Victim: Stelia North America - https://www.redpacketsecurity.com/rhysida-ransomware-victim-stelia-north-america/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
[RHYSIDA] - Ransomware Victim: Stelia North America - https://www.redpacketsecurity.com/rhysida-ransomware-victim-stelia-north-america/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
[RHYSIDA] - Ransomware Victim: Stelia North America - https://www.redpacketsecurity.com/rhysida-ransomware-victim-stelia-north-america/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
⚠️ Rhysida’s failed auction still burned 330k patients A Tennessee hospital says a July 2025 intrusion exposed SSNs, medical data and financial details, after #Rhysida claimed 500GB and 330k stolen files. #ransomNews #ransomware #healthcare #databreach
-
⚠️ Rhysida’s failed auction still burned 330k patients A Tennessee hospital says a July 2025 intrusion exposed SSNs, medical data and financial details, after #Rhysida claimed 500GB and 330k stolen files. #ransomNews #ransomware #healthcare #databreach
-
⚠️ Rhysida’s failed auction still burned 330k patients A Tennessee hospital says a July 2025 intrusion exposed SSNs, medical data and financial details, after #Rhysida claimed 500GB and 330k stolen files. #ransomNews #ransomware #healthcare #databreach
-
⚠️ Rhysida’s failed auction still burned 330k patients A Tennessee hospital says a July 2025 intrusion exposed SSNs, medical data and financial details, after #Rhysida claimed 500GB and 330k stolen files. #ransomNews #ransomware #healthcare #databreach
-
[RHYSIDA] - Ransomware Victim: Southold Town Senior ServicesSouthold Police Department - https://www.redpacketsecurity.com/rhysida-ransomware-victim-southold-town-senior-servicessouthold-police-department/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
[RHYSIDA] - Ransomware Victim: Southold Town Senior ServicesSouthold Police Department - https://www.redpacketsecurity.com/rhysida-ransomware-victim-southold-town-senior-servicessouthold-police-department/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
[RHYSIDA] - Ransomware Victim: Southold Town Senior ServicesSouthold Police Department - https://www.redpacketsecurity.com/rhysida-ransomware-victim-southold-town-senior-servicessouthold-police-department/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
[RHYSIDA] - Ransomware Victim: Southold Town Senior ServicesSouthold Police Department - https://www.redpacketsecurity.com/rhysida-ransomware-victim-southold-town-senior-servicessouthold-police-department/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
[RHYSIDA] - Ransomware Victim: Southold Town Senior ServicesSouthold Police Department - https://www.redpacketsecurity.com/rhysida-ransomware-victim-southold-town-senior-servicessouthold-police-department/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
New post from #Rhysida : Southold Town Senior Servicessouthold Police Department
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
New post from #Rhysida : Southold Town Senior Servicessouthold Police Department
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
New post from #Rhysida : Southold Town Senior Servicessouthold Police Department
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
New post from #Rhysida : Southold Town Senior Servicessouthold Police Department
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
New post from #Rhysida : Southold Town Senior Servicessouthold Police Department
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
[RHYSIDA] - Ransomware Victim: Rohner - https://www.redpacketsecurity.com/rhysida-ransomware-victim-rohner/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
[RHYSIDA] - Ransomware Victim: Rohner - https://www.redpacketsecurity.com/rhysida-ransomware-victim-rohner/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
[RHYSIDA] - Ransomware Victim: Rohner - https://www.redpacketsecurity.com/rhysida-ransomware-victim-rohner/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
[RHYSIDA] - Ransomware Victim: Rohner - https://www.redpacketsecurity.com/rhysida-ransomware-victim-rohner/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
[RHYSIDA] - Ransomware Victim: Rohner - https://www.redpacketsecurity.com/rhysida-ransomware-victim-rohner/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor
-
New post from #Rhysida : Rohner
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
New post from #Rhysida : Rohner
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
New post from #Rhysida : Rohner
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
New post from #Rhysida : Rohner
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
New post from #Rhysida : Rohner
More at : https://www.ransomlook.io/group/Rhysida #Ransomware -
[RHYSIDA] - Ransomware Victim: Cheyenne & Arapaho Tribes - https://www.redpacketsecurity.com/rhysida-ransomware-victim-cheyenne-arapaho-tribes/
#rhysida #dark_web #data_breach #OSINT #ransomware #threatintel #tor