Microsoft admits to signing rootkit malware in supply-chain fiasco


San Francisco, Jun 28 (IANS): Tech giant Microsoft has now confirmed signing a malicious driver being distributed within gaming environments.

According to Bleeping Computers, this driver, called "Netfilter," is a rootkit that was observed communicating with Chinese command-and-control (C2) IPs.

G Data malware analyst Karsten Hahn first took notice of this event last week and was joined by the wider infosec community in tracing and analysing the malicious drivers bearing the seal of Microsoft.

This incident has once again exposed threats to software supply-chain security, except this time it stemmed from a weakness in Microsoft's code-signing process.

Microsoft said it is actively investigating this incident, although thus far, there is no evidence that stolen code-signing certificates were used.

The mishap seems to have resulted from the threat actor following Microsoft's process to submit the malicious Netfilter drivers and managing to acquire the Microsoft-signed binary in a legitimate manner.

"Microsoft is investigating a malicious actor distributing malicious drivers within gaming environments," the company was quoted as saying by the website.

"We have suspended the account and reviewed their submissions for additional signs of malware," said Microsoft yesterday.

According to Microsoft, the threat actor has mainly targeted the gaming sector specifically in China with these malicious drivers and there is no indication of enterprise environments having been affected so far.

  

Top Stories


Leave a Comment

Title: Microsoft admits to signing rootkit malware in supply-chain fiasco



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.