It’s been reported that kernel-mode hardware drivers that have been certified (signed) by Microsoft’s Windows Hardware Developer Program have been used maliciously in post-exploitation cyber attacks, i.e. where the attacker had already gained administrative privileges on compromised systems.
The attacks have been linked to known ransomware and SIM swappers. It is understood that Microsoft has now released security updates to revoke the certificates, has suspended the accounts used to submit the drivers to be signed, and is working on a further detection measures.
It is costly for us to have our systems down and really appreciate the speed that your team respond to any issue we have. I don’t believe we have had any problems which you have not been resolved.
- Warren Patmore -