Gap in Microsoft Blocklist Exploited, ValleyRAT Runs Undetected. A Chinese nation-state cyber group is exploiting a Microsoft-signed driver to shut down Windows security protections. The attackers deployed the driver through a custom loader. The core weakness that Silver Fox relied on remained exploitable even after patching.
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/silver-fox-apt-abuses-windows-driver-in-active-campaign-a-29351
