An unknown threat actor has been observed leveraging a malicious Windows kernel driver in attacks likely targeting the Middle East since at least May 2020.
Fortinet FortiGuard Labs, which dubbed the artifact WINTAPIX (WinTapix.sys), attributed the malware with low confidence to an Iranian threat actor.
"WinTapix.sys is essentially a loader," security researchers Geri Revay and Hossein Jazi said
Microsoft on Tuesday disclosed it took steps to implement blocking protections and suspend accounts that were used to publish malicious drivers that were certified by its Windows Hardware Developer Program.
The tech giant said its investigation revealed the activity was restricted to a number of developer program accounts and that no further compromise was detected.
Cryptographically signing