Attack tool update impairs Windows computers

An EDR killer Sophos X-Ops has tracked for three years continues to bedevil organizations targeted by ransomware gangs.

Sophos News

ICYMI From Earlier in the Week:

Targeted Attacks Leverage Signed Malicious Microsoft Drivers

https://s1.ai/signed-ms

Summary:
- SentinelOne has observed prominent threat actors abusing legitimately signed Microsoft drivers in active intrusions into telecommunication, BPO, MSSP, and financial services businesses.
- Investigations into these intrusions led to the discovery of #POORTRY and #STONESTOP malware, part of a small toolkit designed to terminate AV and EDR processes.
- We first reported our discovery to Microsoft’s Security Response Center (MSRC) in October 2022 and received an official case number (75361). On Tuesday, MSRC released an associated advisory under ADV220005. (https://msrc.microsoft.com/update-guide/vulnerability/ADV220005)
- This research was released alongside Mandiant. Readers can find their blog here: https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware

Driving Through Defenses | Targeted Attacks Leverage Signed Malicious Microsoft Drivers

Threat actors are abusing legitimately signed Microsoft drivers in active intrusions into telecommunication, BPO, MSSP, and financial services businesses.

SentinelOne