On October 17, 2025, Microsoft announced it had revoked over 200 digital certificates to disrupt a ransomware campaign that used fake Microsoft Teams installers. The threat actor, identified as Vanilla Tempest (also known as Vice Society), was distributing malware through these installers to deploy the Oyster backdoor and Rhysida ransomware. The fake installers and post-compromise tools were signed with certificates from various authorities, including Trusted Signing, SSL.com, DigiCert, and GlobalSign. By revoking these certificates, Microsoft has made it more difficult for the attackers to impersonate legitimate software and distribute their malicious payloads. This action is part of Microsoft's ongoing efforts to protect users from financially motivated cyber threats that involve ransomware and data exfiltration.