{"id":52732,"date":"2023-07-13T00:03:00","date_gmt":"2023-07-13T00:03:00","guid":{"rendered":"https:\/\/www.darkreading.com\/attacks-breaches\/researchers-discover-microsoft-signed-rootkit-for-loading-2nd-stage-kernel-module"},"modified":"2023-07-13T00:03:00","modified_gmt":"2023-07-13T00:03:00","slug":"hackers-target-chinese-gamers-with-microsoft-signed-rootkit","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\/","title":{"rendered":"Hackers Target Chinese Gamers With Microsoft-Signed Rootkit"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt83720fc3e3aeba5c\/64af0c346084a901f29cea8b\/rootkit_Alexander56891_shutterstock.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>A new campaign targeting gaming users in China is the latest example of how threat actors are increasingly using sophisticated rootkits to hide malicious payloads, disable security tools, and maintain persistence on victim systems.<\/p>\n<p>The novel rootkit in this instance has a valid Microsoft digital signature, meaning it can successfully load on systems running recent Windows versions without getting blocked or triggering any security alerts. It can download other unsigned kernel mode drivers directly into memory, including one that is engineered to shut down Windows Defender software on target systems so the threat actor can then deploy second-stage malware of their choice \u2014 and maintain persistence \u2014 on them.<\/p>\n<h2 class=\"regular-text\">Kernel Mode Driver Threat<\/h2>\n<p>Researchers at Trend Micro recently discovered the malicious kernel driver targeting gaming users in China and reported their discovery to Microsoft last month. 
They believe the unknown threat actor behind it was also behind a similar 2021 rootkit for monitoring and redirecting Web traffic, dubbed <a href=\"https:\/\/www.bitdefender.com\/blog\/labs\/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions\/\" target=\"_blank\" rel=\"noopener\">FiveSys<\/a>, that also targeted the Chinese gaming sector.<\/p>\n<p>The new malware is one of a growing number of Microsoft-signed kernel drivers that security researchers have discovered over the past two years. Other examples include <a href=\"https:\/\/www.mandiant.com\/resources\/blog\/hunting-attestation-signed-malware\" target=\"_blank\" rel=\"noopener\">PoorTry<\/a>, a rootkit that Mandiant reported last December, which threat actors are using in different ways, including to deploy ransomware; <a href=\"https:\/\/www.gdatasoftware.com\/blog\/microsoft-signed-a-malicious-netfilter-rootkit\" target=\"_blank\" rel=\"noopener\">NetFilter<\/a>, used for IP redirection; and FiveSys. Last December, Sophos disclosed a <a href=\"https:\/\/news.sophos.com\/en-us\/2022\/12\/13\/signed-driver-malware-moves-up-the-software-trust-chain\/\" target=\"_blank\" rel=\"noopener\">Microsoft-signed Windows driver<\/a> engineered to kill antivirus software and endpoint security tools on targeted systems. Many believe that attackers are increasingly employing such tools because of how effective endpoint tools have become at detecting threats smuggled in via other vectors.<\/p>\n<p>Many of these tools have targeted the gaming sector in China for purposes like credential theft and geolocation cheating in games. 
But there is no reason why a threat actor wouldn&#8217;t be able to use them in other geographies and for a slew of other malicious use cases.<\/p>\n<p>&#8220;Despite how complex it is to build such capabilities, it seems that current malicious actors are exhibiting competence and consistent usage of such tools, tactics, and procedures (TTPs), regardless of their final motive and objectives,&#8221; Trend Micro researchers Mahmoud Zohdy, Sherif Magdy, and Mohamed Fahmy <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/g\/hunting-for-a-new-stealthy-universal-rootkit-loader.html\" target=\"_blank\" rel=\"noopener\">wrote this week<\/a>.<\/p>\n<h2 class=\"regular-text\">Universal Rootkit Loader<\/h2>\n<p>The researchers identified the new malware they discovered as a standalone kernel driver that functions as a universal rootkit loader. The first-stage driver \u2014 the Microsoft-signed one \u2014 communicates with command and control (C2) servers using the Windows Socket Kernel, a kernel-mode network programming interface. &#8220;It uses a Domain Generating Algorithm (DGA) algorithm to generate different domains,&#8221; the three researchers said. &#8220;If it fails to resolve an address, it connects directly to fallout IPs that are hard coded inside the driver.&#8221;<\/p>\n<p>The first-stage driver acts as a loader for a self-signed second-stage driver. Because the second-stage driver is downloaded via the signed first-stage driver, it bypasses the Windows native driver loader and is loaded directly into memory. Then the malware initiates a sequence of steps to maintain persistence and remove any traces of its presence from the disk.<\/p>\n<p>Trend Micro said it was able to tie the new malware to the FiveSys actor because of various similarities between the two malware tools. Both the FiveSys rootkit and the second-stage rootkit associated with the new malware function to redirect Web browsing traffic to an attacker-controlled server. 
Both can monitor Web traffic and hook file system functions, Trend Micro said.<\/p>\n<h2 class=\"regular-text\">Rogue Developer Accounts<\/h2>\n<p>Microsoft has <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/ADV230001\" target=\"_blank\" rel=\"noopener\">blamed the issue<\/a> of Microsoft-signed malicious drivers on rogue developer accounts within its partner program. According to the company, &#8220;several developer accounts for the Microsoft Partner Center (MPC) were engaged in submitting malicious drivers to obtain a Microsoft signature.&#8221; In an advisory that accompanied its July 2023 security update announcement, the company said it has suspended all the accounts and released updates for detecting and blocking the malicious drivers.<\/p>\n<p>Meanwhile, in a new twist, Cisco Talos this week said it had discovered threat actors using open source digital signature timestamp forging tools to alter the signing date on kernel mode Microsoft drivers and deploy them by the thousands. The company tied the activity to a <a href=\"https:\/\/www.darkreading.com\/endpoint\/hackers-exploit-policy-loophole-windows-kernel-drivers\" target=\"_blank\" rel=\"noopener\">loophole in Microsoft&#8217;s Windows driver signing<\/a> policy. <a href=\"https:\/\/learn.microsoft.com\/en-us\/windows-hardware\/drivers\/install\/kernel-mode-code-signing-policy--windows-vista-and-later-\" target=\"_blank\" rel=\"noopener\">The policy<\/a> basically specifies that Windows will not load any new kernel level drivers unless they are signed via Microsoft&#8217;s Dev Portal. The policy, however, provides an exception that allows &#8220;the signing and loading of cross-signed kernel mode drivers with signature timestamp prior to July 29, 2015,&#8221; Cisco said. 
Threat actors are abusing the loopholes to sign drivers, including expired ones, so they fall within the policy exemption and then are using them to deploy malware.<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/researchers-discover-microsoft-signed-rootkit-for-loading-2nd-stage-kernel-module\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Kernel mode driver can download second-stage payload directly to memory, allowing threat actors to evade endpoint detection and response tools.Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/researchers-discover-microsoft-signed-rootkit-for-loading-2nd-stage-kernel-module\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-52732","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Hackers Target Chinese Gamers With Microsoft-Signed Rootkit 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackers Target Chinese Gamers With Microsoft-Signed Rootkit 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-13T00:03:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt83720fc3e3aeba5c\/64af0c346084a901f29cea8b\/rootkit_Alexander56891_shutterstock.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Hackers Target Chinese Gamers With Microsoft-Signed Rootkit\",\"datePublished\":\"2023-07-13T00:03:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\\\/\"},\"wordCount\":769,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt83720fc3e3aeba5c\\\/64af0c346084a901f29cea8b\\\/rootkit_Alexander56891_shutterstock.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\\\/\",\"name\":\"Hackers Target Chinese Gamers With Microsoft-Signed Rootkit 2026 | ThreatsHub 
Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt83720fc3e3aeba5c\\\/64af0c346084a901f29cea8b\\\/rootkit_Alexander56891_shutterstock.jpg\",\"datePublished\":\"2023-07-13T00:03:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt83720fc3e3aeba5c\\\/64af0c346084a901f29cea8b\\\/rootkit_Alexander56891_shutterstock.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt83720fc3e3aeba5c\\\/64af0c346084a901f29cea8b\\\/rootkit_Alexander56891_shutterstock.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www
.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hackers Target Chinese Gamers With Microsoft-Signed Rootkit\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Hackers Target Chinese Gamers With Microsoft-Signed Rootkit 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\/","og_locale":"en_US","og_type":"article","og_title":"Hackers Target Chinese Gamers With Microsoft-Signed Rootkit 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-07-13T00:03:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt83720fc3e3aeba5c\/64af0c346084a901f29cea8b\/rootkit_Alexander56891_shutterstock.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Hackers Target Chinese Gamers With Microsoft-Signed Rootkit","datePublished":"2023-07-13T00:03:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\/"},"wordCount":769,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt83720fc3e3aeba5c\/64af0c346084a901f29cea8b\/rootkit_Alexander56891_shutterstock.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\/","url":"https:\/\/www.threatshub.org\/blog\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\/","name":"Hackers Target Chinese Gamers With Microsoft-Signed Rootkit 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt83720fc3e3aeba5c\/64af0c346084a901f29cea8b\/rootkit_Alexander56891_shutterstock.jpg","datePublished":"2023-07-13T00:03:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt83720fc3e3aeba5c\/64af0c346084a901f29cea8b\/rootkit_Alexander56891_shutterstock.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt83720fc3e3aeba5c\/64af0c346084a901f29cea8b\/rootkit_Alexander56891_shutterstock.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/hackers-target-chinese-gamers-with-microsoft-signed-rootkit\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Hackers Target Chinese Gamers With Microsoft-Signed 
Rootkit"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a867
1ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/52732","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=52732"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/52732\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=52732"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=52732"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=52732"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}