Microsoft canceled multiple Microsoft hardware developer accounts after drivers submitted by these accounts through the Windows Hardware Developer Program certification process were signed by Microsoft and then used in cyber attacks, including ransomware. Security firms SentinelOne, Mandiant and Sophos reported the activity on Oct. 19, and a subsequent investigation found that multiple developer accounts in the Microsoft Partner Center were involved in submitting malicious drivers to obtain Microsoft signatures, Microsoft said. Security researchers say they have discovered a new toolkit used in cyber attacks that contains two components, STONESTOP (a loader) and POORTRY (a kernel-mode driver); the POORTRY driver carries a Microsoft signature.
This article is reposted from: https://www.solidot.org/story?sid=73650