Large-Scale Exploitation of Legacy Driver Detected
🦠 Massive campaign exploits a vulnerable legacy driver to evade detection. A recent investigation revealed a large-scale cyber campaign using more than 2,500 variants of the legacy Truesight driver (version 2.0.2) to deploy an EDR/AV killer module; the activity was first detected in June 2024. The attackers exploited a known vulnerability in this driver, which let them bypass Microsoft's Vulnerable Driver Blocklist and evade common detection mechanisms. The campaign primarily targeted victims in China and used phishing to distribute initial-stage malicious samples disguised as legitimate applications. The findings prompted an update to the Microsoft blocklist, which now prevents all of the exploited driver variants from loading. The case underscores the need for detection strategies that go beyond hash-based matching to counter sophisticated threats.
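The closing point is that a blocklist keyed on file hashes is defeated by re-hashing the same driver thousands of times, so defenders want a check keyed on what the file is rather than on its digest. The PowerShell script below is an added example (it is not from the article, Microsoft, or the researchers who published the findings) that enumerates installed kernel driver services and flags any whose embedded version resource identifies the legacy Truesight driver at version 2.0.2, whatever its hash. It assumes the driver's ProductName or FileDescription contains "Truesight" and that its FileVersion begins with 2.0.2; the article names the product and version but not the file name, so the name-based match is an assumption and should be tuned against a known-good copy of the driver.

```powershell
# Added example, not part of the original article.
# Enumerate kernel driver services and match on embedded version info instead of file hash.
# Assumption: the vulnerable driver reports "Truesight" in ProductName/FileDescription
# and a FileVersion starting with 2.0.2 (the article gives product and version only).
$targetProduct = 'Truesight'
$targetVersion = '2.0.2'

$findings = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        # PathName may be "\??\C:\..." or "\SystemRoot\..."; normalise to a filesystem path.
        $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
        if (-not (Test-Path -LiteralPath $path)) { return }

        $vi  = (Get-Item -LiteralPath $path).VersionInfo
        $sig = Get-AuthenticodeSignature -LiteralPath $path

        [pscustomobject]@{
            Service     = $_.Name          # service name chosen by whoever registered the driver
            State       = $_.State         # Running / Stopped
            StartMode   = $_.StartMode
            Path        = $path
            Product     = $vi.ProductName
            Description = $vi.FileDescription
            Version     = $vi.FileVersion
            Signer      = $sig.SignerCertificate.Subject
            SigStatus   = $sig.Status      # Valid, NotSigned, HashMismatch, ...
            Sha256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    } |
    Where-Object {
        ($_.Product -like "*$targetProduct*" -or $_.Description -like "*$targetProduct*") -and
        $_.Version -like "$targetVersion*"
    }

if ($findings) {
    Write-Warning "Legacy $targetProduct $targetVersion driver present; review the entries below."
    $findings | Format-List
} else {
    Write-Output "No $targetProduct $targetVersion driver found among installed driver services."
}
```

The Sha256 column is recorded for reporting, not for matching: the decision is made on the product and version fields, so a re-hashed copy still trips the check. Run it elevated, and treat a hit whose Service name is unfamiliar or whose SigStatus is not Valid as a higher-priority finding, since a legitimately installed security product normally registers its driver under a recognisable name.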
