

Based on the report, Karsten Hahn, a G Data malware analyst, was the first to notice "Netfilter."

After noticing the malware, the infosec community helped him trace, analyze, and identify the malicious drivers that bore Microsoft's seal.

To everyone's surprise, the Chinese command-and-control IPs belong to one of the companies that the United States Department of Defense labeled as "Communist Chinese Military."

As a result, the event exposed various threats to the entire software supply chain. However, this incident is to be blamed on Microsoft's weak verification in its code-signing process.

What is the Rootkit 'Netfilter' Driver Signed by Microsoft?

According to Bleeping Computer, G Data's cybersecurity alert systems flagged what seemed to be a false positive, or so they thought. It was indeed the rootkit "Netfilter" driver that Microsoft had recently signed.

The malicious "Netfilter" in question provided no legitimate functionality at all, which raised suspicions. Because of this, Hahn decided to tweet about it.

Related first tweet: Karsten Hahn, June 25, 2021

Hahn stated that ever since Windows Vista, all code that runs in kernel mode must be tested and signed before its public release; Microsoft has to ensure that it is stable enough to run on the operating system. He added that drivers that do not carry a Microsoft certificate cannot be installed by default.

Microsoft Admits Its Mistake

After publicly announcing that they had made a mistake, Microsoft's team immediately started investigating the incident. It reported that the mishap seemed to have come from the threat actor following Microsoft's own process for submitting drivers to get the malicious rootkit "Netfilter" drivers signed. However, the company still has not found any solid evidence that stolen code-signing certificates were used.
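The lesson of this incident is that "signed by Microsoft" does not mean "written by Microsoft": a third-party driver that passed the hardware compatibility program is signed with the "Microsoft Windows Hardware Compatibility Publisher" certificate, while Windows' own drivers are signed as "Microsoft Windows". The following is an added PowerShell example, not code from the article or from G Data, that separates the two classes among the currently loaded kernel drivers and lists the third-party ones with hashes so they can be compared against vendor expectations and published indicators; the signer-name patterns are assumptions based on the certificate subjects Windows uses.

```powershell
# Added example: triage loaded kernel drivers by who signed them, so that
# Microsoft-signed third-party drivers (the class "Netfilter" fell into)
# are reviewed rather than trusted on the strength of the signature alone.
$drivers = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName }

$report = foreach ($d in $drivers) {
    # Normalise the kernel path forms seen in PathName to a filesystem path.
    $path = $d.PathName -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot', $env:SystemRoot
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

    # Assumed subject patterns: inbox Windows drivers vs. WHQL/attestation-signed third-party drivers.
    $class = switch -Regex ($signer) {
        '^CN=Microsoft Windows,'                                { 'inbox' }
        '^CN=Microsoft Windows Hardware Compatibility Publisher' { 'third-party (Microsoft-signed)' }
        default                                                  { 'other' }
    }

    [pscustomobject]@{
        Name   = $d.Name
        Path   = $path
        Status = $sig.Status          # Valid / NotSigned / HashMismatch ...
        Class  = $class
        SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

# Everything that is not Microsoft's own code is the review set: a Valid status
# here only proves the signing process was followed, not that the driver is benign.
$report | Where-Object { $_.Class -ne 'inbox' } |
    Sort-Object Class, Name | Format-Table Name, Class, Status, SHA256 -AutoSize
```

Run from an elevated session on the host under review; catalog-signed drivers may report their status differently from embedded-signature drivers, so treat an unexpected status as a prompt to look closer rather than as a verdict.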
