{"id":23566,"date":"2022-12-15T00:22:16","date_gmt":"2022-12-15T00:22:16","guid":{"rendered":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/15\/microsoft-signed-malicious-drivers-used-in-cyberattacks-the-register\/"},"modified":"2022-12-15T00:22:16","modified_gmt":"2022-12-15T00:22:16","slug":"microsoft-signed-malicious-drivers-used-in-cyberattacks-the-register","status":"publish","type":"post","link":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/15\/microsoft-signed-malicious-drivers-used-in-cyberattacks-the-register\/","title":{"rendered":"Microsoft-signed malicious drivers used in cyberattacks \u2022 The Register"},"content":{"rendered":"<div id=\"body\">\n<p>Microsoft says it has suspended several third-party developer accounts that submitted malicious Windows drivers for the IT giant to digitally sign so that the code could be used in cyberattacks.<\/p>\n<p>In tandem with its <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2022\/12\/14\/microsoft_patch_tuesday_vm\/\" rel=\"noopener\">Patch Tuesday<\/a> rollout this week, the tech goliath also revoked certificates used to sign the bad drivers, and promised to put in place measures to prevent organizations from loading the malicious code.<\/p>\n<p>These moves come after eggheads at Google-owned Mandiant, SentinelOne, and Sophos told Microsoft in October that multiple cybercrime gangs were using malicious third-party-developed Microsoft-signed kernel-mode hardware drivers to help spread ransomware.<\/p>\n<p>Essentially, these crews created developer accounts with Microsoft to submit malicious drivers to the software goliath&#8217;s Windows Hardware Developer Program. 
Once Microsoft was hoodwinked into digitally signing the drivers, signalling the code was legit, the software would be trusted by the operating system.<\/p>\n<p>At that point, once the miscreants had compromised a victim&#8217;s Windows PC and gained admin access, they could load the drivers and use them to do privileged things, such as disable antivirus and security tools, and fully compromise the device and possibly the whole network.<\/p>\n<p>According to Microsoft&#8217;s <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/ADV220005\">advisory<\/a> this week about the whole mess, the mega-biz was informed by the cybersecurity firms that Redmond-approved drivers were being used by various miscreants to hit organizations with ransomware.<\/p>\n<p>&#8220;In these attacks, the attacker had already gained administrative privileges on compromised systems prior to use of the drivers,&#8221; Microsoft wrote, adding that its &#8220;investigation revealed that several developer accounts for the Microsoft Partner Center were engaged in submitting malicious drivers to obtain a Microsoft signature.&#8221;<\/p>\n<p>The IT giant stressed there had been no compromise of its own network and systems; this was a case of rogue developers submitting bad drivers, and waiting for Microsoft to wrongly OK them, and then use the code in the wild against victims, we&#8217;re told.<\/p>\n<p>Now those developer accounts have been frozen, and steps taken to prevent the drivers from being deployed against any other targets, according to Microsoft.<\/p>\n<p>A malicious Windows kernel-mode hardware driver with Microsoft&#8217;s stamp of approval is unhindered from doing all kinds of things once running on a system, such as hobble endpoint protection products and thwart intrusion detection. Microsoft has required kernel-mode drivers to be signed through the Windows Hardware Developer Program since Windows 10.<\/p>\n<p>The signature indicates trust, according to Sophos researchers Andreas Klopsch and Andrew Brandt. 
There has been a rise in the use of trusted third-party device drivers to terminate security tools in 2022.<\/p>\n<p>Dubbed the Bring Your Own Vulnerable Driver (BYOVD) approach, a miscreant with sufficient privileges on a system loads a legit, non-malicious signed Windows driver known to contain vulnerabilities that can be exploited to switch off features and fully compromise the PC.<\/p>\n<p>Alternatively, the miscreant can load a signed driver specifically designed for evil. 
The end results are largely the same.<\/p>\n<p>BlackByte ransomware took the first approach, using a driver from a legitimate publisher, the Sophos team wrote in a <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/news.sophos.com\/en-us\/2022\/12\/13\/signed-driver-malware-moves-up-the-software-trust-chain\/\">report<\/a>.<\/p>\n<p>&#8220;Threat actors are moving up the trust pyramid, attempting to use increasingly more well-trusted cryptographic keys to digitally sign their drivers,&#8221; Klopsch and Brandt wrote.<\/p>\n<p>They said criminals likely associated with the <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2022\/12\/02\/fbi_warning_cuba_ransomware\/\" rel=\"noopener\">Cuba ransomware<\/a> used a loader tool called BURNTCIGAR \u2013 first detected by Mandiant in February \u2013 to try to run a malicious third-party driver dubbed POORTRY that quietly kills endpoint protections on targeted systems ahead of ransomware being planted. It&#8217;s said POORTRY was designed specifically for this use case, and was signed by Microsoft via its hardware developer program.<\/p>\n<p>Attempts to load the driver failed, we&#8217;re told, and left behind files that the researchers could analyze.<\/p>\n<p>Sophos said it found two malicious Windows driver samples that were signed on behalf of Zhuhai Liancheng Technology and another for Beijing JoinHope Image Technology, both Chinese companies.<\/p>\n<p>Meanwhile, Mandiant researchers this week <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.mandiant.com\/resources\/blog\/hunting-attestation-signed-malware\">wrote<\/a> about UNC3944, a financially motivated team active since at least May, that is using malware signed via Microsoft and its hardware driver program.<\/p>\n<p>The researchers said UNC3944 used a malware loader called STONESTOP to run POORTRY to kill off any unwanted security processes. POORTRY dates back to June and has appeared with various code certificates. 
The UNC3944 gang usually gains initial access to a network using stolen credentials and SMS phishing.<\/p>\n<p>SentinelOne&#8217;s SentinelLabs unit said it found malware that includes STONESTOP, which is used to load and install POORTRY. The analysts detected three versions of this malicious code stack, with two versions of POORTRY signed through Microsoft.<\/p>\n<p>The analysts said the toolkit has been used against a range of targets in such areas as telecommunications, business process outsourcing (BPO), managed security service providers (MSSPs), and financial services. It&#8217;s also been used by the <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2022\/11\/18\/hive_ransomware_fbi\/\" rel=\"noopener\">Hive ransomware<\/a> group against a healthcare company.<\/p>\n<p>Researchers at both Mandiant and SentinelLabs said multiple crews have used POORTRY, indicating the malware may be available for miscreants to buy and that the process for signing the drivers may be offered as a service.<\/p>\n<p>&#8220;Other evidence supporting the &#8216;supplier&#8217; theory stems from the similar functionality and design of the drivers,&#8221; the SentinelLabs team wrote. &#8220;While they were used by two different threat actors, they functioned in very much the same way. 
This indicates they were possibly developed by the same person then subsequently sold for use by someone else.&#8221;<\/p>\n<p>In addition, the Mandiant analysts have seen cybercrooks and services claiming \u2013 in languages like English, Russian, and Chinese \u2013 to offer code-signing certificates or to sign malware for the buyers.<\/p>\n<p>Microsoft in October said it is countering this trend toward using vulnerable drivers in attacks by making the vulnerable driver blocklist a <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2022\/10\/26\/microsoft_windows_driver_hvci_blocked_list\/\" rel=\"noopener\">default feature<\/a> rather than an option for devices running the Windows 11 2022 update. In addition, the blocklist will be regularly updated and consistent across Windows 10 and other OS versions.<\/p>\n<p>Not OKing malicious drivers in the first place would be cool, too. \u00ae<\/p>\n<\/p><\/div>\n<br \/><a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2022\/12\/14\/microsoft_drivers_ransomware_attacks\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft says it has suspended several third-party developer accounts that submitted malicious Windows drivers for the IT giant to digitally sign so that the code&#8230;<\/p>\n","protected":false},"author":1,"featured_media":23567,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-23566","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech-universe"],"acf":[],"_links":{"self":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/posts\/23566","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/comments?post=23566"}],"version-history":[{"count":0,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/posts\/23566\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/media\/23567"}],"wp:attachment":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/media?parent=23566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/categories?post=23566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/tags?post=23566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}