Unmasking a Large-Scale Legacy Driver Exploitation Campaign
Essential information
- Published: 24/02/2025 16:26
- Modified: 24/02/2025 16:51
- Tags: 2025-02-24, driver, edrbypass, exploitation, phishing
- Related entities: 200 observables, 5 techniques (MITRE), 3 others
Description
Check Point Research uncovered an extensive campaign that abuses a vulnerability in a legacy version (2.0.2) of the Truesight.sys driver, part of Adlice's RogueKiller Antirootkit suite. Because the driver is legitimately signed, attackers could load it on targeted systems and pair it with an EDR/AV killer module that exploits the flaw to disable security solutions, leaving the rest of the intrusion unmonitored.
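A quick endpoint hunt that follows from the description, added here as an example and not taken from the Check Point report or from this page: it enumerates registered kernel drivers, flags any whose image is named truesight.sys, and reports the file version, Authenticode status and SHA-256 so an analyst can compare the result against the report's observables. It assumes the driver keeps its original file name; the service name is attacker-chosen in these campaigns, so it is deliberately not used for matching. The version check and the column names are this example's own choices.

```powershell
# Added hunt example; not part of the original report or this page.
# Assumption: the vulnerable driver is still named truesight.sys on disk.
# If the attacker renamed it, match on the report's hashes instead.

$targetImage = 'truesight.sys'
$legacyMajor, $legacyMinor, $legacyBuild = 2, 0, 2   # version 2.0.2 named in the report

$findings = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        # PathName may carry the \??\ or \SystemRoot\ prefix; normalise to a plain path.
        $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"

        # Match on the image name only: the service name is chosen by the loader, not the driver.
        if ((Split-Path -Path $path -Leaf).ToLowerInvariant() -ne $targetImage) { return }
        if (-not (Test-Path -LiteralPath $path)) { return }   # registered but image already removed

        $ver  = (Get-Item -LiteralPath $path).VersionInfo
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

        # Compare the three numeric parts so 2.0.2 and 2.0.2.0 are treated the same.
        $isLegacy = ($ver.FileMajorPart -eq $legacyMajor) -and
                    ($ver.FileMinorPart -eq $legacyMinor) -and
                    ($ver.FileBuildPart -eq $legacyBuild)

        [pscustomobject]@{
            Service        = $_.Name
            State          = $_.State            # 'Running' means the driver is loaded right now
            Path           = $path
            FileVersion    = $ver.FileVersion
            IsLegacy202    = $isLegacy
            Signer         = $sig.SignerCertificate.Subject
            SignatureValid = ($sig.Status -eq 'Valid')
            SHA256         = $hash
        }
    }

if ($findings) {
    $findings | Format-List
} else {
    "No driver image named $targetImage is registered on this host."
}
```

A valid signature on a hit is expected rather than reassuring: the whole point of the technique is that the driver is genuinely signed, so treat any Truesight.sys 2.0.2 registered on a host that does not run RogueKiller as a finding and pivot to the service creation event and the process that installed it.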