New WinTapix.sys malware engages in multi-stage attack across Middle East


An unknown threat actor has been observed leveraging a malicious Windows kernel driver in attacks likely targeting the Middle East since at least May 2020.

The activity has not been tied to a known threat actor or group.

In other words, it offers a stealthy way to infiltrate deeper into the targeted system, maintain persistence, and execute additional payloads or commands as part of the threat actor’s multi-stage attack.

The name of the malicious driver is POORTRY, which comes with capabilities to terminate security software.

These malicious actors also tend to possess enough financial resources to either purchase rootkits from underground sources or buy code-signing certificates to build a rootkit.

According to the vulnerability report, these malicious actors also have the means to purchase rootkits from underground sources or use code-signing certificates to build a rootkit.
