An undocumented malicious driver called RedDriver uses an open-source tool to forge signature timestamps, as a way to bypass Microsoft’s Windows driver signature enforcement policies.
Researchers said that malicious Windows kernel drivers will continue to be used by sophisticated groups that have the skills and resources needed to develop such tools.
Researchers said the Lazarus Group attacks were the first recorded abuse of the known Dell driver flaw (CVE-2021-21551) in the wild.
The flaw was first reported to Microsoft in 2019, but at the time Microsoft said it did not consider the issue to be a vulnerability.
Researchers believe that the attackers behind the Anchor malware, the Trickbot gang, have ceased Trickbot operations and are instead focusing on deploying stealthier versions of other malware families.