Tag: Zhengzhou 403

Dragon Breath’s Leaked Driver Shatters Windows Security and Neutralizes EDRs
The Chinese cyber-espionage group Dragon Breath, also known as APT-Q-27, has purportedly acquired a powerful new tool for infiltrating corporate infrastructure. According to a report by Ransom-ISAC, investigators identified a vulnerable driver, dragoncore_k.sys, that bears a valid Microsoft WHQL digital signature. The driver lets adversaries dismantle Windows security protocols, effectively neutralizing antivirus solutions…