Rare case of UEFI hacking hit targets interested in North Korea, Kaspersky says

Spies have long coveted the ability to compromise a computer’s booting process and, with it, the ability to control just about every part of the machine. The booting process — how a computer powers on — offers access to the machine’s operating system and all of the accompanying sensitive data. The crucial computing code that manages that booting process, known as UEFI firmware, represents a valuable target for hackers, though also one that remains difficult to infiltrate. Researchers from security company Kaspersky on Monday revealed what they described as the second case of malicious UEFI firmware found in use in the wild. Security specialists found UEFI implants that appeared to be part of a larger hacking operation carried out by Chinese-speaking operatives against diplomatic organizations and non-governmental organizations in Africa, Asia and Europe, researchers said. It’s an apparent case of cyber-espionage that took place from 2017 to 2019, with the evident aim of gathering information related to North Korea. All of the […]

The post Rare case of UEFI hacking hit targets interested in North Korea, Kaspersky says appeared first on CyberScoop.

How an NSA researcher plans to allow everyone to guard against firmware attacks

A years-long project from researchers at the National Security Agency that could better protect machines from firmware attacks will soon be available to the public, the lead NSA researcher on the project tells CyberScoop. The project will increase security in machines essentially by placing a machine’s firmware in a container to isolate it from would-be attackers. A layer of protection is being added to the System Management Interrupt (SMI) handler — code that allows a machine to make adjustments on the hardware level — as part of the open source firmware platform Coreboot. Eugene Myers, who works in the National Security Agency’s Trusted Systems Research Group, told CyberScoop that the end product — known as an SMI Transfer Monitor with protected execution (STM-PE) — will work with x86 processors that run Coreboot. Attackers are increasingly targeting firmware in order to run malicious attacks. Just last year, the first-ever documented UEFI rootkit was deployed in the wild, according […]

The post How an NSA researcher plans to allow everyone to guard against firmware attacks appeared first on CyberScoop.

Russian Hacker Group APT28 Used UEFI Rootkit on Select Targets

Security researchers have found malicious versions of the LoJack anti-theft software on computers belonging to government agencies from the Balkans and Central and Eastern Europe. They attribute the attacks to a notorious Russian cyberespionage gr…

Russians’ stealthy ‘LoJax’ malware can infect on the firmware level

Researchers with cybersecurity company ESET have discovered a malware campaign that is able to compromise a device’s firmware component, which they say in a report published Thursday is the first known instance of such an attack in the wild. ESET says that it found attributes in the malware that link it to the prominent Russian hacking group APT28. The malware, dubbed LoJax, can “serve as a key to the whole computer” by infecting the Unified Extensible Firmware Interface (UEFI) of a device, according to the report. ESET explains that firmware rootkits like LoJax have in the past been demonstrated in theory and are suspected to be in use by some governments, but haven’t been observed in the wild. This kind of malware is hard to detect and has advanced persistence properties, as it’s able to survive a complete operating system reinstall and even a hard drive replacement. If LoJax sounds […]

The post Russians’ stealthy ‘LoJax’ malware can infect on the firmware level appeared first on Cyberscoop.

Cybersecurity Researchers Spotted First-Ever UEFI Rootkit in the Wild

Cybersecurity researchers at ESET have unveiled what they claim to be the first-ever UEFI rootkit being used in the wild, allowing hackers to implant persistent malware on the targeted computers that could survive a complete hard-drive wipe.

Dubbed Lo…