An attack group likely based in China has recently been using a new malicious framework called MosaicRegressor in operations against diplomatic and NGO targets, one of which involved the installation of malicious UEFI firmware images on a compromised machine. The framework repurposes tools built by Hacking Team that were leaked several years ago.

Attacks involving malicious UEFI firmware are quite rare, for a number of reasons, and researchers at Kaspersky who discovered this most recent one said it’s unclear how the attackers gained initial access to the compromised computer. But the use of a modified firmware image, albeit one based on an existing tool, as part of the attack chain suggests that the operation is the work of a competent and proficient attacker.

The malicious firmware images were one part of the attacks that the researchers investigated, attacks that also involved the installation of various other pieces of malware, all aimed at data theft and espionage. The targets identified by Kaspersky include NGOs and diplomatic organizations in several countries in Europe, Africa, and Asia, many of which are focused on work related to North Korea. There were several indications in the tools’ code and elsewhere that led the researchers to conclude that the attacks were the work of a Chinese-speaking group; however, they did not pin the operations on any specific team.

“We can obviously say that by deploying a UEFI rootkit the attackers were aiming for the highest level of persistence on those machines,” the Kaspersky researchers said. The new UEFI rootkit, though low in terms of infection numbers, demonstrates that top-level attackers have not slowed their development of tools, especially those that grant them long-term access to target environments.