Security News > 2023 > July > Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector

Cybersecurity researchers have unearthed a novel rootkit signed by Microsoft that's engineered to communicate with an actor-controlled attack infrastructure.
"This malicious actor originates from China and their main victims are the gaming sector in China," Trend Micro's Mahmoud Zohdy, Sherif Magdy, and Mohamed Fahmy said.
Multiple variants of the rootkit spanning eight different clusters have been discovered, with 75 such drivers signed using Microsoft's WHQL program in 2022 and 2023.
One of the suspected entry points for these infections is said to be a trojanized Chinese game, mirroring Cisco Talos' discovery of a malicious driver called RedDriver.
As many as 133 malicious drivers signed with legitimate digital certificates have been uncovered, 81 of which are capable of terminating antivirus solutions on victims' systems.
"Because drivers often communicate with the 'core' of the operating system and load before security software, when they are abused, they can be particularly effective at disabling security protections - especially when signed by a trusted authority," Christopher Budd, director of threat research at Sophos X-Ops, said.
News URL
https://thehackernews.com/2023/07/chinese-hackers-deploy-microsoft-signed.html
Related news
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- Chinese Weaver Ant hackers spied on telco network for 4 years (source)
- Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps (source)
- Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)