Cuba used these cryptographically signed “drivers” after compromising a target’s systems as part of efforts to disable security scanning tools and change settings. The activity was meant to fly under the radar, but it was flagged by monitoring tools from the security firm Sophos.

Read full article on Wired – Threat Level