It’s been reported that kernel-mode hardware drivers that have been certified (signed) by Microsoft’s Windows Hardware Developer Program have been used maliciously in post-exploitation cyber attacks, i.e. where the attacker had already gained administrative privileges on compromised systems.
The attacks have been linked to known ransomware and SIM swappers. It is understood that Microsoft has now released security updates to revoke the certificates, has suspended the accounts used to submit the drivers to be signed, and is working on a further detection measures.