Ayoub Aouragh October 17, 2025 1 min read

Microsoft revokes 200 fraudulent certificates linked to ransomware

Microsoft just pulled the plug on over 200 fraudulent certificates that were being used by a group known as Vanilla Tempest to carry out ransomware attacks. These certificates were signed off on fake Microsoft Teams setup files, which were a sneaky way to deliver the Oyster backdoor and install Rhysida ransomware. The company caught wind of this shady operation in late September and took action earlier this month.

Vanilla Tempest, which has been around since at least July 2022, is linked to other notorious ransomware strains like BlackCat and Quantum Locker. By revoking these certificates, Microsoft is not just shutting down this specific attack vector but also updating its security tools to flag any malicious activity related to these fake setups. If you’re using Microsoft products, it’s a good reminder to stay vigilant and keep your systems updated.

Share this article

Twitter LinkedIn Email

More insights from the team

Continue exploring adjacent research and threat briefings selected for their relevance to this topic.

View all articles

Nov 07, 2025 • 1 min

U.S. Congressional Budget Office faces suspected cyberattack

The U.S. Congressional Budget Office is in hot water after a suspected foreign cyberattack breached its network. The CBO recently confirmed the incident, raising concerns about the potential exposu...

Researchers uncover vulnerabilities in ChatGPT that expose data

Hey there! If you’re a fan of ChatGPT, you might want to pay attention. Researchers just uncovered a bunch of vulnerabilities in OpenAI's latest models, GPT-4o and GPT-5. These issues could let att...

Gootloader malware resurfaces with new tactics after seven months

Gootloader malware is back in the game after a seven-month hiatus, and it’s got some new tricks up its sleeve. This sneaky malware loader is once again using SEO poisoning to push fake websites tha...