In one of their recent threat-hunting investigations, Trend Micro researchers came across an interesting new threat activity cluster that they initially thought was a false positive detection for a Microsoft-signed file.
However, it turned out to be a novel signed rootkit that communicates with a large command-and-control (C&C) infrastructure for an unknown threat actor that Trend Micro is currently tracking and believes to be the same threat actor behind the FiveSys rootkit.
Source: Trend Micro