Hackers disable Windows Defender using an Intel CPU driver in attacks



Most modern Windows computers rely on Microsoft Defender as their first line of defense against malware. Over the years it has evolved into a capable, and often sufficient, antivirus that blocks a wide range of threats. But a hacking group has found a way to abuse a legitimate Intel CPU tuning driver in a "Bring Your Own Vulnerable Driver" attack to completely disable Microsoft Defender.

The technique has been observed since mid-July 2025 and is already being used in active campaigns. The method relies neither on exploiting software bugs nor on delivering obviously malicious files. Instead, it uses Windows' own driver system to gain deep, kernel-level access to the hardware.

Let’s talk about everything you need to know about the attack and how you can stay safe.


Sign up for my free CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide, free when you join my CyberGuy.com newsletter.


The Akira ransomware group uses a legitimate Intel CPU tuning driver in its attacks to completely disable Microsoft Defender on Windows systems. (Kurt "CyberGuy" Knutsson)

How Akira ransomware disables Microsoft Defender

The Akira ransomware group has developed a new way of getting around security tools, using a legitimate Intel CPU tuning driver called rwdrv.sys that ships with the ThrottleStop performance-tuning utility. GuidePoint Security reports that the attackers load this driver on Windows and then install a second, malicious driver, hlpdrv.sys, which changes the DisableAntiSpyware registry setting via regedit.exe to turn off Microsoft Defender.

Once Defender is disabled, the attackers can launch other malicious programs undetected. The report says this method has been observed consistently in Akira campaigns since mid-July.


The Akira ransomware group infiltrates Windows systems by abusing a legitimate driver for low-level access. (Kurt "CyberGuy" Knutsson)

Akira ransomware targets Microsoft Defender and SonicWall VPNs

The same group has also been linked to attacks targeting SonicWall VPN devices. SonicWall stated that these incidents most likely involve a known vulnerability, CVE-2024-40766, rather than a completely new zero-day. The company recommends limiting VPN access, enabling multifactor authentication and disabling unused accounts as immediate defenses.

Akira attacks often involve stealing data, setting up hidden remote access and encrypting data across the organization for ransom. Security experts warn that fake or lookalike websites are increasingly used to distribute these malicious tools.


The researchers at GuidePoint published a YARA detection rule, along with file names, service names, SHA-256 hashes and file paths to help identify this activity. They recommend that administrators actively monitor for these indicators, apply filtering and blocking rules as new IOCs appear and only download software from official or verified sources.
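As an added example from a defender's standpoint, and not code from the article or from GuidePoint, the Python below scans driver-load and registry-change events for the two-step chain described above: rwdrv.sys or hlpdrv.sys being loaded, then DisableAntiSpyware being set to 1 by regedit.exe. It is the kind of indicator monitoring the researchers recommend. Event IDs 6 and 13 are Sysmon's driver-loaded and registry-value-set events; the full registry key path is the standard Defender policy location and is assumed here rather than quoted from the article; the host names, file paths and events are constructed for the example. A host that shows only one half of the chain (for instance a legitimate ThrottleStop install) is reported at a lower severity, and an administrator setting the value back to 0 is not flagged at all.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Driver file names named in the article (rwdrv.sys from ThrottleStop, hlpdrv.sys the malicious helper).
SUSPECT_DRIVERS = {"rwdrv.sys", "hlpdrv.sys"}

# Registry value the article says hlpdrv.sys flips. The full key path is the standard Defender
# policy location and is an assumption of this example, not a detail quoted by the article.
DISABLE_VALUE = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware"

# Sysmon event IDs: 6 = driver loaded, 13 = registry value set.
EV_DRIVER_LOADED = 6
EV_REG_VALUE_SET = 13


@dataclass
class Event:
    host: str
    event_id: int
    fields: dict


def _basename(path: str) -> str:
    """Return the file-name part of a Windows path, lower-cased."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _dword_value(details: str):
    """Parse the number out of a Sysmon-style 'DWORD (0x00000001)' Details string."""
    m = re.search(r"0x([0-9a-fA-F]+)", details)
    return int(m.group(1), 16) if m else None


def check_event(ev: Event) -> list:
    """Return zero or more finding strings for one event."""
    findings = []
    if ev.event_id == EV_DRIVER_LOADED:
        name = _basename(ev.fields.get("ImageLoaded", ""))
        if name in SUSPECT_DRIVERS:
            findings.append(f"driver_load:{name}")
    elif ev.event_id == EV_REG_VALUE_SET:
        target = ev.fields.get("TargetObject", "")
        # Only a write of 1 disables Defender; a write of 0 re-enables it and is not a finding.
        if target.lower() == DISABLE_VALUE.lower() and _dword_value(ev.fields.get("Details", "")) == 1:
            findings.append(f"defender_disabled_by:{_basename(ev.fields.get('Image', ''))}")
    return findings


def analyze(events) -> dict:
    """Group findings per host and rate them.

    high   - a suspect driver load and DisableAntiSpyware=1 seen on the same host (the full chain)
    medium - only one half of the chain seen
    """
    per_host = defaultdict(list)
    for ev in events:
        per_host[ev.host].extend(check_event(ev))
    report = {}
    for host, findings in per_host.items():
        saw_driver = any(f.startswith("driver_load:") for f in findings)
        saw_disable = any(f.startswith("defender_disabled_by:") for f in findings)
        if saw_driver and saw_disable:
            severity = "high"
        elif saw_driver or saw_disable:
            severity = "medium"
        else:
            continue
        report[host] = {"severity": severity, "findings": findings}
    return report


# Constructed sample events (not real telemetry) so the script runs stand-alone.
SAMPLE_EVENTS = [
    # WS01: the full chain from the article - both drivers loaded, then regedit.exe flips the value.
    Event("WS01", 6, {"ImageLoaded": r"C:\Windows\Temp\rwdrv.sys"}),
    Event("WS01", 6, {"ImageLoaded": r"C:\Windows\Temp\hlpdrv.sys"}),
    Event("WS01", 13, {"Image": r"C:\Windows\regedit.exe", "TargetObject": DISABLE_VALUE,
                       "Details": "DWORD (0x00000001)"}),
    # WS02: ThrottleStop installed by a user - driver present, Defender untouched.
    Event("WS02", 6, {"ImageLoaded": r"C:\Tools\ThrottleStop\rwdrv.sys"}),
    # WS03: an administrator re-enabling Defender (value set to 0) must not be flagged.
    Event("WS03", 13, {"Image": r"C:\Windows\regedit.exe", "TargetObject": DISABLE_VALUE,
                       "Details": "DWORD (0x00000000)"}),
]

if __name__ == "__main__":
    for host, result in analyze(SAMPLE_EVENTS).items():
        print(host, result["severity"], ", ".join(result["findings"]))
```

In a real deployment the events would come from a SIEM or from Sysmon's event log rather than from the list above, and the driver names and hashes from GuidePoint's published IOC list would replace the two names taken from the article.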

We reached out to Microsoft for comment but did not hear back before our deadline.


Antivirus software, two-factor authentication and data removal services are just a few of the ways Windows users can protect themselves from hackers. (CyberGuy.com)

6 ways to protect yourself from Akira ransomware and similar threats

The attack on Microsoft Defender is clever and dangerous, but you are not defenseless. Here are some tips to help you stay safe:

1) Use strong antivirus software

Even with regular updates, a Windows system can be left exposed if Defender is disabled. Strong antivirus software with real-time protection, kernel-level monitoring and frequent updates can provide a backup. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.

2) Limit your exposure

Many exploits rely on user interaction, such as clicking a shady link, downloading a compromised file or installing untrusted software. Stick to reputable sites, avoid opening unsolicited email attachments and use a browser with built-in security features (such as Microsoft Edge or Chrome with Safe Browsing).

3) Avoid doing unexpected commands

Never paste or run commands (such as PowerShell scripts) that you do not understand or that you copied from random websites. Attackers often trick users into unknowingly launching malware this way.


4) Keep software up to date

Update your operating system, browsers and all software applications regularly. Updates often include patches for security vulnerabilities that malware can exploit.

5) Use two-factor authentication (2FA)

Enable 2FA on all your accounts. This adds an extra layer of security by requiring a second form of verification, which makes it harder for attackers to gain access even if they have your password.

6) Invest in personal data removal services

Even with strong device security, your personal information can still be exposed through data brokers and people-search sites.

Although no service can guarantee complete removal of your data from the internet, a data removal service is a smart choice. They aren't cheap, but neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It's what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web at CyberGuy.com.


Kurt's key takeaway

Akira's trick shows a bigger weakness in the way Windows trusts certain tools. A driver intended for harmless CPU tuning ends up being the key to switching off security. Because it comes from a legitimate source, Windows lets it through without asking questions. We tend to think of hackers as always pushing in from the outside. Here, they are already inside the circle of trust, using the system's own rules against it.

Should Microsoft do more to stop ransomware groups from disabling Defender? Let us know by writing to us at CyberGuy.com.


Copyright 2025 CyberGuy.com. All rights reserved.


