Kaspersky researchers spot malware embedded in UEFI firmware on motherboards of victims’ devices

By Sofia C.

in Alerts, Blog, Malware
2 min read
October 7, 2020

A China-linked group has repurposed Hacking Team's stealthy spyware. The tool attacks a device's UEFI firmware, which makes it especially hard to detect and destroy. The experts were investigating several suspicious UEFI firmware images when they discovered four components, some of which borrowed source code from a Hacking Team spyware.

At Kaspersky’s Security Analyst Summit this week, researchers Mark Lechtik and Igor Kuznetsov revealed their findings about a dangerous malware sample, which was detected on the PCs of two of Kaspersky’s customers earlier this year. The malware is particularly rare—and dangerous—because it’s engineered to alter a target computer’s Unified Extensible Firmware Interface, the firmware that is used to load the computer’s operating system. Because the UEFI sits on a chip on the computer’s motherboard outside of its hard drive, infections can persist even if a computer’s entire hard drive is wiped or its operating system is reinstalled, making it far harder to detect or remove than normal malware.

The UEFI implant was used to deploy a new piece of malware that the experts classified as a variant of a wider framework they track as MosaicRegressor: a more traditional piece of spyware that lives on the computer's hard drive. But even if that second-stage payload is discovered and wiped, the UEFI firmware remains infected and can simply deploy it again.
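Because the implant lives in the motherboard's flash rather than on disk, the practical check is to compare a dump of that flash against a known-good dump, volume by volume. The following is an added Python example, not code from Kaspersky or from the article: it walks a firmware image for UEFI firmware volume headers (the `_FVH` signature and header layout follow the UEFI PI specification), hashes each volume, and reports volumes that were added, removed or modified relative to a golden baseline. The two firmware images are constructed fixtures; `build_volume`, `scan` and the `0x0004FEFF` attributes value are assumptions made for the demonstration.

```python
import hashlib
import struct
import uuid

FV_SIGNATURE = b"_FVH"  # EFI_FIRMWARE_VOLUME_HEADER.Signature sits at offset 40 of the header
FFS2_GUID = "8c8ce578-8a3d-4f1c-9935-896185c32dd3"  # EFI_FIRMWARE_FILE_SYSTEM2_GUID

def header_checksum_ok(header: bytes) -> bool:
    # The little-endian 16-bit words of a valid FV header sum to zero modulo 2^16.
    return sum(struct.unpack(f"<{len(header) // 2}H", header[:len(header) // 2 * 2])) & 0xFFFF == 0

def find_firmware_volumes(image: bytes):
    # Yield (offset, filesystem GUID, length) for every well-formed volume in a flash dump.
    pos = image.find(FV_SIGNATURE)
    while pos != -1:
        start = pos - 40
        if start >= 0:
            fv_length, = struct.unpack_from("<Q", image, start + 32)   # FvLength
            header_len, = struct.unpack_from("<H", image, start + 48)  # HeaderLength
            if 56 <= header_len <= fv_length <= len(image) - start and header_checksum_ok(image[start:start + header_len]):
                yield start, str(uuid.UUID(bytes_le=image[start + 16:start + 32])), fv_length
                pos = image.find(FV_SIGNATURE, start + fv_length)  # jump past this volume
                continue
        pos = image.find(FV_SIGNATURE, pos + 4)  # stray signature bytes: keep scanning

def volume_digests(image: bytes) -> dict:
    # Key each volume by offset and GUID and hash its entire span: that is the unit we baseline.
    return {f"{off:#x}:{guid}": hashlib.sha256(image[off:off + n]).hexdigest()
            for off, guid, n in find_firmware_volumes(image)}

def compare_to_baseline(baseline: dict, current: dict) -> list:
    # Volumes present only in the suspect dump, only in the golden dump, or with a changed digest.
    status = lambda k: "added" if k not in baseline else "removed" if k not in current else "modified"
    return [(status(k), k) for k in sorted(set(baseline) | set(current)) if baseline.get(k) != current.get(k)]

def build_volume(body: bytes) -> bytes:
    # Constructed fixture: minimal FFSv2 volume (72-byte header, one block-map entry) with valid checksum.
    total = 72 + len(body)
    header = bytearray(b"\x00" * 16 + uuid.UUID(FFS2_GUID).bytes_le + struct.pack("<Q", total)
                       + FV_SIGNATURE + struct.pack("<IHHHBB", 0x0004FEFF, 72, 0, 0, 0, 2)
                       + struct.pack("<IIII", 1, total, 0, 0))
    struct.pack_into("<H", header, 50, (-sum(struct.unpack("<36H", header))) & 0xFFFF)
    return bytes(header) + body

# Constructed dumps: a golden image, and one in which the second volume's contents were altered.
GOLDEN = b"\xff" * 64 + build_volume(b"A" * 100) + build_volume(b"B" * 200)
TAMPERED = b"\xff" * 64 + build_volume(b"A" * 100) + build_volume(b"B" * 199 + b"X")

def scan(golden: bytes = GOLDEN, suspect: bytes = TAMPERED) -> list:
    # On the fixtures above this returns [('modified', '0xec:8c8ce578-8a3d-4f1c-9935-896185c32dd3')]
    return compare_to_baseline(volume_digests(golden), volume_digests(suspect))
```

On a real dump the golden image is the vendor firmware (or a dump taken at provisioning time), and a "modified" or "added" volume is the trigger to pull the flash contents for closer analysis.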

The MosaicRegressor framework was developed for cyber espionage purposes; its modular architecture allows operators to perform multiple actions.

Kaspersky researchers said they had found MosaicRegressor components at several dozen entities between 2017 and 2019. The list of victims included NGOs and diplomatic entities in Asia, Africa and Europe.

Researchers speculate the threat actors behind these attacks are linked with the Winnti APT.

Sources: Kaspersky Labs – Wired

Tags: Alerts, Kaspersky, Malware, MosaicRegressor, UEFI firmware, Windows
© 2021 | CyberMaterial | All rights reserved.