From securityaffairs.com
Trend Micro researchers shared details about an ALPHV/BlackCat ransomware incident that took place in February 2023. A BlackCat affiliate employed signed malicious Windows kernel drivers to evade detection.
Experts believe the driver is a new version of the malware reported in December 2022 by Mandiant, Sophos and SentinelOne in a coordinated disclosure.
The attackers attempted to deploy the driver (ktgn.sys) previously analyzed by Mandiant, which is signed through Microsoft signing portals.