Microsoft’s digital keys were hijacked by an unknown threat actor, identified as Carderbee by Symantec researchers, to sign malware in a supply-chain attack. The malware was used to infect around 100 selected victims. The hackers managed to get Microsoft to digitally sign a rootkit, which was then used to attack the infrastructure of software developer Esafenet, pushing malicious updates to its customers. The incident highlights the sophisticated tactics used by hackers to stay under the radar.
