Security News > 2021 > June > Threat Actor Abuses Microsoft’s WHCP to Sign Malicious Drivers
Microsoft is investigating an incident where a threat actor submitted malicious drivers for certification through the Windows Hardware Compatibility Program.
"We have seen no evidence that the WHCP signing certificate was exposed. The infrastructure was not compromised," Microsoft says.
Microsoft believes the the threat actor is specifically targeting the gaming sector in China, and that it has no interest in hitting enterprise environments.
Microsoft also notes that the malicious driver appears meant to help the adversary spoof geo-location data to be able to cheat and play games from anywhere.
"We are not attributing this to a nation-state actor at this time," Microsoft says.
The tech giant also explains that the identified driver is used post exploitation, with the attacker first gaining administrative privileges to install the malicious driver, or convincing the targeted user to do it.