It’s been reported that kernel-mode hardware drivers that have been certified (signed) by Microsoft’s Windows Hardware Developer Program have been used maliciously in post-exploitation cyber attacks, i.e. where the attacker had already gained administrative privileges on compromised systems.
The attacks have been linked to known ransomware and SIM swappers. It is understood that Microsoft has now released security updates to revoke the certificates, has suspended the accounts used to submit the drivers to be signed, and is working on a further detection measures.
“They are a very detail orientated team who have achieved great IT solutions for our company. Their knowledge of new technology is good and explanation of benefits for us easy to understand.”
- Lynn West -