Targeted Attacks Leverage Signed Malicious Microsoft Drivers
released on 2022-12-14 @ 08:13:17 AM
SentinelOne has observed prominent threat actors abusing legitimately signed Microsoft drivers in active intrusions into telecommunication, BPO, MSSP, and financial services businesses. Investigations into these intrusions led to the discovery of POORTRY and STONESTOP malware, part of a small toolkit designed to terminate AV and EDR processes.