Microsoft confirmed the distribution of a malicious driver in gaming environments. It’s called Netfilter and is used to communicate with Chinese C2 IPs. In the investigation so far, no evidence has been found that stolen code-signing certificates were used. A threat actor tried to submit the driver using Microsoft’s process and managed to acquire Microsoft-signed binary in a legal manner. No enterprise environments have been affected so far.