BTC $70823.7516
ETH $3531.0259
BNB $621.2790
SOL $172.6448
stETH $3527.9907
XRP $0.6083
DOGE $0.1997
TON $7.2456
ADA $0.5853
AVAX $46.2175
wstETH $4100.4456
DOT $8.4402
BCH $607.1354
WETH $3536.6758
WBTC $70909.4458
TRX $0.1219
LINK $17.6560
MATIC $0.8809
UNI $9.0821
ICP $15.6959
LTC $97.8636
CAKE $3.7041
DAI $0.9996
IMX $2.5675
ETC $33.6641
RNDR $9.1096
FIL $8.1342
STX $2.9994
MNT $1.2895
NEAR $6.8343
TAO $615.5692
VET $0.0503
ATOM $10.8915
HBAR $0.0996
OKB $56.9032
FDUSD $1.0028
WIF $3.3890
KAS $0.1440
MKR $3344.9389
PEPE $0.0000
GRT $0.3114
THETA $2.8807
INJ $31.7467
FET $2.5067
XLM $0.1297
XMR $134.0517
USDE $1.0001
BTC $70823.7516
ETH $3531.0259
BNB $621.2790
SOL $172.6448
stETH $3527.9907
XRP $0.6083
DOGE $0.1997
TON $7.2456
ADA $0.5853
AVAX $46.2175
wstETH $4100.4456
DOT $8.4402
BCH $607.1354
WETH $3536.6758
WBTC $70909.4458
TRX $0.1219
LINK $17.6560
MATIC $0.8809
UNI $9.0821
ICP $15.6959
LTC $97.8636
CAKE $3.7041
DAI $0.9996
IMX $2.5675
ETC $33.6641
RNDR $9.1096
FIL $8.1342
STX $2.9994
MNT $1.2895
NEAR $6.8343
TAO $615.5692
VET $0.0503
ATOM $10.8915
HBAR $0.0996
OKB $56.9032
FDUSD $1.0028
WIF $3.3890
KAS $0.1440
MKR $3344.9389
PEPE $0.0000
GRT $0.3114
THETA $2.8807
INJ $31.7467
FET $2.5067
XLM $0.1297
XMR $134.0517
USDE $1.0001
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Attackers use Microsoft drivers to compromise systems


    Microsoft has taken security measures to combat the growing threat.

    Microsoft announced on Dec. 13 that it had suspended and suspended accounts that were used to publish malicious drivers certified by the Windows Hardware Developer Program.

    Microsoft's investigation found that the activity was restricted to a few developer program accounts, and that no further hack was found. The investigation was initiated after information security company Sophos reported in October about rogue drivers that were used for post-exploitation and ransomware deployment.

    This attack method is called BYOVD (Bring Your Own Vulnerable Driver). This method allows an attacker with administrative privileges to easily bypass Windows kernel security. Instead of writing an exploit from scratch, a cybercriminal simply installs a third-party driver with known vulnerabilities. It then uses these vulnerabilities to gain instant access to some of the most protected areas of Windows.

    Mandiant also discovered that the UNC3944 group uses the STONESTOP bootloader to install the malicious POORTRY driver, designed to terminate antivirus programs and delete files.

    Attackers use compromised, stolen, and illegally acquired code signing certificates to sign malware. Several distinct families of malware have been signed that are associated with individual threat actors. Moreover, hackers use the malicious driver signing as a service service, in which case they receive malware artifacts signed through the Microsoft attestation process on behalf of the participants in the service.

    STONESTOP and POORTRY are alleged to have been used in attacks on the telecommunications, business outsourcing, MSP services, financial services, cryptocurrencies and transport sectors.

    Microsoft has since revoked certificates for affected files and suspended partner seller accounts to counter the threats.

    Author DeepWeb
    Qakbot Trojan now spreads inside SVG images
    Attackers rob VIP clients of crypto exchanges via Telegram chats

    Comments 0

    Add comment