Ransomware gang caught using Microsoft-approved drivers to hack targets

Security researchers say they have evidence that threat actors affiliated with the Cuba ransomware gang used malicious hardware drivers certified by Microsoft during a recent attempted ransomware attack.

Drivers — software that enables operating systems and apps to access and communicate with hardware devices — require highly privileged access to the operating system and its data, which is why Windows requires drivers to bear an approved cryptographic signature before they can be loaded. Cybercriminals have long exploited these drivers, frequently employing a “bring your own vulnerable driver” strategy in which hackers exploit vulnerabilities discovered within an existing Windows driver from a legitimate software publisher.