Security researchers say they have evidence that threat actors affiliated with the Cuba ransomware gang used malicious hardware drivers certified by Microsoft during a recent attempted ransomware attack.
Drivers — the software that allows operating systems and apps to access and communicate with hardware devices — require highly privileged access to the operating system and its data, which is why Windows requires drivers to bear an approved cryptographic signature before it will allow the driver to load.
These drivers have long been abused by cybercriminals, often taking a “bring your own vul