LAPSUS$ TTPs
LAPSUS$ TTPs & MITRE ATT&CK Mapping
Two interesting techniques used by LAPSUS$ (Code Signing, Disable and Modify Tools)
TA0005: Defence Evasion
T1553.002: Subvert Trust Controls: Code Signing
NVIDIA certificates used to sign malicious software
The leak includes two stolen code signing certificates used by NVIDIA developers to sign their drivers and executables.
A code signing certificate allows developers to digitally sign executables and drivers so that the Windows operating system and its users can verify who published a file and whether a third party has tampered with it. To increase security, Microsoft requires kernel-mode drivers to be code signed before Windows will load them.
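Because the stolen certificates sign genuine vendor files and malicious ones alike, a valid signature is no longer enough to trust a file. The triage below is an added example, not part of the original page: it flags every file signed by a leaked certificate unless its hash appears in a known-good baseline. The thumbprints, hashes, paths and CSV column names are constructed placeholders, since the page lists none.

```python
import csv
import io

# Placeholders: the page does not give the leaked certificates' thumbprints.
LEAKED_THUMBPRINTS = {"LEAKED-CERT-1-PLACEHOLDER", "LEAKED-CERT-2-PLACEHOLDER"}

# Hashes of vendor files obtained from a trusted source (constructed values).
KNOWN_GOOD_SHA256 = {"HASH-OF-GENUINE-DRIVER-PLACEHOLDER"}

# Constructed signature inventory export; the column names are hypothetical.
SAMPLE_INVENTORY = """path,sha256,signature_status,signer_thumbprint
C:\\Windows\\System32\\drivers\\vendor.sys,HASH-OF-GENUINE-DRIVER-PLACEHOLDER,Valid,LEAKED-CERT-1-PLACEHOLDER
C:\\Users\\Public\\updater.exe,HASH-OF-UNKNOWN-FILE-PLACEHOLDER,Valid,leaked-cert-2-placeholder
C:\\Tools\\editor.exe,HASH-OF-OTHER-FILE-PLACEHOLDER,Valid,OTHER-SIGNER-PLACEHOLDER
C:\\Temp\\notes.exe,HASH-OF-UNSIGNED-FILE-PLACEHOLDER,NotSigned,
"""


def normalize(thumbprint):
    """Tools print thumbprints with mixed case, spaces or colons; compare one form."""
    return thumbprint.replace(" ", "").replace(":", "").upper()


def triage(inventory_csv):
    """Return (path, verdict) for every file signed by a leaked certificate."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if normalize(row["signer_thumbprint"]) not in LEAKED_THUMBPRINTS:
            continue  # unsigned, or signed by an unrelated certificate
        # "Valid" only means the signature verifies. The private key was
        # stolen, so the signature no longer shows who produced the file.
        if row["sha256"].upper() in KNOWN_GOOD_SHA256:
            verdict = "known-vendor-file"
        else:
            verdict = "investigate"
        findings.append((row["path"], verdict))
    return findings


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_INVENTORY):
        print(f"{verdict:18} {path}")
```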