A Microsoft-signed driver called Netfilter turned out to contain malware
When Microsoft observed the rootkit, it was found to communicate with Chinese C2 IPs belonging to a company that the US Department of Defense has labeled as “Communist Chinese Military”.