Detecting and Hunting for the Malicious NetFilter Driver

Category:  Detection and Threat Hunting Overview During the week of June 21st, 2021, information security researchers from G Data discovered that a driver for Microsoft Windows named “netfilter.sys” had a backdoor added by a 3rd party that Microsoft then signed as a part of the Microsoft OEM program.  The malicious file is installed on a … Continue reading Detecting and Hunting for the Malicious NetFilter Driver

Abusing cloud services to fly under the radar

tl;dr NCC Group and Fox-IT have been tracking a threat group with a wide set of interests, from intellectual property (IP) from victims in the semiconductors industry through to data from the airline industry. In their intrusions they regularly abuse cloud services from Google and Microsoft to achieve their goals. NCC Group and Fox-IT observed … Continue reading Abusing cloud services to fly under the radar