home.social

#rhysida — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #rhysida, aggregated by home.social.

  1. Exposing Fox Tempest: A malware-signing service operation

    Fox Tempest is a financially motivated threat actor operating a malware-signing-as-a-service (MSaaS) business used by cybercriminals to distribute malicious code, including ransomware. The actor abuses Microsoft Artifact Signing to generate fraudulent code-signing certificates, allowing malware to evade security controls. Fox Tempest created over a thousand certificates and established hundreds of Azure tenants to support operations. Microsoft revoked over one thousand certificates and disrupted the service in May 2026 through the Digital Crimes Unit. The operation enabled ransomware deployment including Rhysida by threat actors like Vanilla Tempest, and distributed malware families including Oyster, Lumma Stealer, and Vidar. The MSaaS was available through signspace[.]cloud, charging between $5000-$9000 USD. Attacks impacted healthcare, education, government, and financial services sectors globally.

    Pulse ID: 6a0ca3690196d40952527b96
    Pulse Link: otx.alienvault.com/pulse/6a0ca
    Pulse Author: AlienVault
    Created: 2026-05-19 17:52:41

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Azure #Cloud #CyberSecurity #Education #Government #Healthcare #InfoSec #LummaStealer #Malware #Microsoft #OTX #OpenThreatExchange #RAT #RansomWare #Rhysida #Vidar #bot #AlienVault

  2. Exposing Fox Tempest: A malware-signing service operation

    Fox Tempest is a financially motivated threat actor operating a malware-signing-as-a-service (MSaaS) business used by cybercriminals to distribute malicious code, including ransomware. The actor abuses Microsoft Artifact Signing to generate fraudulent code-signing certificates, allowing malware to evade security controls. Fox Tempest created over a thousand certificates and established hundreds of Azure tenants to support operations. Microsoft revoked over one thousand certificates and disrupted the service in May 2026 through the Digital Crimes Unit. The operation enabled ransomware deployment including Rhysida by threat actors like Vanilla Tempest, and distributed malware families including Oyster, Lumma Stealer, and Vidar. The MSaaS was available through signspace[.]cloud, charging between $5000-$9000 USD. Attacks impacted healthcare, education, government, and financial services sectors globally.

    Pulse ID: 6a0ca3690196d40952527b96
    Pulse Link: otx.alienvault.com/pulse/6a0ca
    Pulse Author: AlienVault
    Created: 2026-05-19 17:52:41

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Azure #Cloud #CyberSecurity #Education #Government #Healthcare #InfoSec #LummaStealer #Malware #Microsoft #OTX #OpenThreatExchange #RAT #RansomWare #Rhysida #Vidar #bot #AlienVault

  3. ⚠️ Rhysida’s failed auction still burned 330k patients A Tennessee hospital says a July 2025 intrusion exposed SSNs, medical data and financial details, after #Rhysida claimed 500GB and 330k stolen files. #ransomNews #ransomware #healthcare #databreach

  4. ⚠️ Rhysida’s failed auction still burned 330k patients A Tennessee hospital says a July 2025 intrusion exposed SSNs, medical data and financial details, after #Rhysida claimed 500GB and 330k stolen files. #ransomNews #ransomware #healthcare #databreach

  5. ⚠️ Rhysida’s failed auction still burned 330k patients A Tennessee hospital says a July 2025 intrusion exposed SSNs, medical data and financial details, after #Rhysida claimed 500GB and 330k stolen files. #ransomNews #ransomware #healthcare #databreach

  6. ⚠️ Rhysida’s failed auction still burned 330k patients A Tennessee hospital says a July 2025 intrusion exposed SSNs, medical data and financial details, after #Rhysida claimed 500GB and 330k stolen files. #ransomNews #ransomware #healthcare #databreach

  7. New post from #Rhysida : Southold Town Senior Servicessouthold Police Department
    More at : ransomlook.io/group/Rhysida #Ransomware

  8. New post from #Rhysida : Southold Town Senior Servicessouthold Police Department
    More at : ransomlook.io/group/Rhysida #Ransomware

  9. New post from #Rhysida : Southold Town Senior Servicessouthold Police Department
    More at : ransomlook.io/group/Rhysida #Ransomware

  10. New post from #Rhysida : Southold Town Senior Servicessouthold Police Department
    More at : ransomlook.io/group/Rhysida #Ransomware

  11. New post from #Rhysida : Southold Town Senior Servicessouthold Police Department
    More at : ransomlook.io/group/Rhysida #Ransomware