Source |
CSO |
Identifier |
8291350 |
Publication date |
2022-12-14 14:07:00 (viewed: 2022-12-14 23:05:33) |
Title |
Cuba ransomware group used Microsoft developer accounts to sign malicious drivers |
Text |
Microsoft suspended several accounts on its hardware developer program that signed malicious drivers used by a ransomware group called Cuba to disable endpoint security tools. The driver certificates have been revoked and the drivers will be added to a blocklist that Windows users can optionally deploy. "In most ransomware incidents, attackers kill the target's security software in an essential precursor step before deploying the ransomware itself," researchers from security firm Sophos said in a new report about the incident. "In recent attacks, some threat actors have turned to the use of Windows drivers to disable security products." |
Sent |
Yes |
Tags |
Ransomware
Threat
|
Stories |
|
Notes |
★★
|