Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks.
The certificates were « used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware, » the Microsoft Threat Intelligence team said in a post shared on X.
The tech
