Microsoft admits to signing rootkit malware in supply-chain fiasco
Tech giant Microsoft has now confirmed signing a malicious driver being distributed within gaming environments.

According to BleepingComputer, this driver, called "Netfilter," is a rootkit that was observed communicating with Chinese command-and-control (C2) IPs.

G Data malware analyst Karsten Hahn first took notice of this event last week and was joined by the wider infosec community in tracing and analysing the malicious drivers bearing the seal of Microsoft.

This incident has once again exposed threats to software supply-chain security, except this time it stemmed from a weakness in Microsoft's code-signing process.

Microsoft said it is actively investigating this incident, although thus far there is no evidence that stolen code-signing certificates were used.

The mishap seems to have resulted from the threat actor following Microsoft's process to submit the malicious Netfilter drivers and managing to acquire the Microsoft-signed binary in a legitimate manner.

"Microsoft is investigating a malicious actor distributing malicious drivers within gaming environments," the company was quoted as saying by the website.

"We have suspended the account and reviewed their submissions for additional signs of malware," said Microsoft yesterday.

According to Microsoft, the threat actor has mainly targeted the gaming sector, specifically in China, with these malicious drivers, and there is no indication of enterprise environments having been affected so far.