"Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector"

Researchers have discovered a Microsoft-signed rootkit designed to communicate with actor-controlled attack infrastructure. Trend Micro attributes the activity cluster to the same actor previously identified as responsible for the FiveSys rootkit, which was discovered in October 2021. According to Trend Micro's researchers, this malicious actor originates in China, and its primary victims are in China's gaming sector. The malware appears to have gone through the Windows Hardware Quality Labs (WHQL) process to obtain a valid signature. Multiple variants of the rootkit spanning eight separate clusters have been identified, and 75 such drivers were signed through Microsoft's WHQL program in 2022 and 2023. Trend Micro's analysis of a portion of the samples revealed debug messages in the source code, suggesting that the operation is still in the development and testing phase. This article continues to discuss the Microsoft-signed rootkit used by Chinese hackers to target the gaming sector.
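A defender-side check that follows from the report, added here as an example and not taken from the THN article or from Trend Micro's analysis: a valid WHQL signature means the driver chains to Microsoft's "Microsoft Windows Hardware Compatibility Publisher" certificate, so the signature alone cannot distinguish a legitimate third-party driver from a WHQL-signed rootkit. The script below enumerates running kernel drivers, records each one's Authenticode signer and SHA-256 hash, and lists the WHQL-signed ones so they can be compared against an inventory of expected drivers. The certificate subject prefix and the handling of `\??\` and `\SystemRoot\` path forms are assumptions about the host, not values from the article.

```powershell
# Added example, not from the article: audit running kernel drivers that carry a
# WHQL (Microsoft-countersigned) signature. Windows PowerShell 5.1 or later, run as admin.

# Assumption: WHQL-signed third-party drivers are signed with this Microsoft certificate.
$whqlSignerPrefix = 'CN=Microsoft Windows Hardware Compatibility Publisher'

# Normalise the driver path forms Win32_SystemDriver may report (assumed forms).
function Resolve-DriverPath {
    param([string]$PathName)
    $p = $PathName -replace '^\\\?\?\\', ''                 # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\... -> C:\Windows\...
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # relative to Windows dir
    return $p
}

$loaded = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName }

$results = foreach ($drv in $loaded) {
    $path = Resolve-DriverPath $drv.PathName
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $sig     = Get-AuthenticodeSignature -LiteralPath $path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    [pscustomobject]@{
        Name     = $drv.Name
        Path     = $path
        Status   = $sig.Status            # Valid, NotSigned, HashMismatch, ...
        Signer   = $subject
        IsWHQL   = $subject -like "$whqlSignerPrefix*"
        Sha256   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

# Anything not signed or with a broken signature is the first thing to look at.
$results | Where-Object { $_.Status -ne 'Valid' } |
    Format-Table Name, Status, Path -AutoSize

# WHQL-signed drivers are legitimate in the common case; review this list against a
# known-good inventory (name + hash) rather than trusting the Microsoft signature alone.
$results | Where-Object IsWHQL | Sort-Object Name |
    Format-Table Name, Signer, Sha256 -AutoSize
```

The useful output is the second table diffed against a baseline taken from a clean build of the same image: a WHQL-signed driver name or hash that is absent from the baseline is what warrants a closer look, since its signature status will read `Valid` exactly like the legitimate ones.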

THN reports "Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector"
