Security News > 2023 > July > Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector

Cybersecurity researchers have unearthed a novel rootkit signed by Microsoft that's engineered to communicate with an actor-controlled attack infrastructure.
"This malicious actor originates from China and their main victims are the gaming sector in China," Trend Micro's Mahmoud Zohdy, Sherif Magdy, and Mohamed Fahmy said.
Multiple variants of the rootkit spanning eight different clusters have been discovered, with 75 such drivers signed using Microsoft's WHQL program in 2022 and 2023.
One of the suspected entry points for these infections is said to be a trojanized Chinese game, mirroring Cisco Talos' discovery of a malicious driver called RedDriver.
As many as 133 malicious drivers signed with legitimate digital certificates have been uncovered, 81 of which are capable of terminating antivirus solutions on victims' systems.
"Because drivers often communicate with the 'core' of the operating system and load before security software, when they are abused, they can be particularly effective at disabling security protections - especially when signed by a trusted authority," Christopher Budd, director of threat research at Sophos X-Ops, said.
News URL
https://thehackernews.com/2023/07/chinese-hackers-deploy-microsoft-signed.html
Related news
- Chinese hackers abuse Microsoft APP-v tool to evade antivirus (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)
- Belgium probes if Chinese hackers breached its intelligence service (source)
- Belgium probes if Chinese hackers breached its intelligence service (source)
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)