I’ve summarised this article for you:
It’s outrageous that threat actors are getting away with using sophisticated rootkits to hide malicious payloads, disable security tools, and maintain persistence on victim systems. It’s even worse that they are able to do this with valid Microsoft digital signatures, making them almost impossible to detect.
The gaming sector in China appears to be the main target for this type of malicious activity, but there is no reason why the attackers wouldn’t use these tools in other geographies. Even more disturbing is the revelation that attackers are exploiting loopholes in Microsoft’s Windows driver signing policy to deploy malware on a mass scale.
How we can tackle this issue:
– Improve the security measures in place to prevent malicious drivers from obtaining a valid Microsoft signature
– Investigate the loopholes in Microsoft’s Windows driver signing policy and take measures to close them
– Increase collaboration between public and private sectors to better identify and respond to malicious activity targeting the gaming sector