ICYMI From Earlier in the Week:
Targeted Attacks Leverage Signed Malicious Microsoft Drivers
Summary:
• SentinelOne has observed prominent threat actors abusing legitimately signed Microsoft drivers in active intrusions into telecommunication, BPO, MSSP, and financial services businesses.
• Investigations into these intrusions led to the discovery of #POORTRY and #STONESTOP malware, part of a small toolkit designed to terminate AV and EDR processes.
• We first reported our discovery to Microsoft’s Security Response Center (MSRC) in October 2022 and received an official case number (75361). On Tuesday, MSRC released an associated advisory under ADV220005. (https://msrc.microsoft.com/update-guide/vulnerability/ADV220005)
• This research was released alongside Mandiant. Readers can find their blog here: https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware
Collaborative research done by #Vigilance DFIR, #SentinelLabs, S1 Research & Development and our friends at Mandiant: https://www.sentinelone.com/labs/driving-through-defenses-targeted-attacks-leverage-signed-malicious-microsoft-drivers/ #POORTRY #STONESTOP
#vigilance #sentinellabs #poortry #stonestop