Microsoft disclosed on Tuesday (Dec 13, 2022) that drivers certified by Microsoft’s Windows Hardware Developer Program were being used maliciously in post-exploitation activity and Microsoft Threat Intelligence Center (MSTIC) ongoing analysis indicates that the signed malicious drivers were likely used to facilitate post-exploitation intrusion activity such as the deployment of ransomware.
