DIRECTORY

  • Alerts
  • APTs
  • Blog
  • Books
  • Certifications
  • Cheat Sheets
  • Courses
  • Cyber Briefing
  • CyberDecoded
  • CyberReview
  • CyberStory
  • CyberTips
  • Definitions
  • Domains
  • Entertainment
  • FAQ
  • Frameworks
  • Hardware Tools
  • Incidents
  • Malware
  • News
  • Papers
  • Podcasts
  • Quotes
  • Reports
  • Tools
  • Threats
  • Tutorials
No Result
View All Result
  • Login
  • Register
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
Get Help
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
No Result
View All Result
  • Jobs
  • Vendors
Get Help
CyberMaterial
Home Alerts

Kaspersky researchers spot malware embedded in UEFI firmware on motherboards of victims’ devices

By Sofia C.

October 7, 2020
Reading Time: 2 mins read
in Alerts

A China-Linked Group Repurposed Hacking Team’s Stealthy Spyware The tool attacks a device’s UEFI firmware—which makes it especially hard to detect and destroy.  The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware.

At Kaspersky’s Security Analyst Summit this week, researchers Mark Lechtik and Igor Kuznetsov revealed their findings about a dangerous malware sample, which was detected on the PCs of two of Kaspersky’s customers earlier this year. The malware is particularly rare—and dangerous—because it’s engineered to alter a target computer’s Unified Extensible Firmware Interface, the firmware that is used to load the computer’s operating system. Because the UEFI sits on a chip on the computer’s motherboard outside of its hard drive, infections can persist even if a computer’s entire hard drive is wiped or its operating system is reinstalled, making it far harder to detect or remove than normal malware.

The UEFI implant spotted was used to deploy a new piece of malware that experts classified as a variant derived from a wider framework that they tracked as MosaicRegressor. A more traditional piece of spyware on the computer’s hard drive. But even if that second-stage payload is discovered and wiped, the UEFI remains infected and can simply deploy it again.

The MosaicRegressor framework was developed for cyber espionage purposes, its modular architecture allows operators to perform multiple actions.

Kaspersky researchers revealed to have found MosaicRegressor components at several dozen entities between 2017 and 2019. The list of victims included NGOs and diplomatic entities in Asia, Africa and Europe.

Researchers speculate the threat actors behind these attacks are linked with the Winnti APT.

Sources: Kaspersky Labs – Wired

Tags: AlertsAlerts 2020Blog 2020Drive by attackKasperskyMalwareNovemberUEFI firmwarevirusWindows
6
VIEWS
ADVERTISEMENT

Related Posts

AI can fool Australian voice ID

AI can fool Australian voice ID

March 22, 2023
ScarCruft APT uses weaponized CHM files

ScarCruft APT uses weaponized CHM files

March 22, 2023
Flaws in Delta and Rockwell

Flaws in Delta and Rockwell

March 22, 2023
Google suspends Pinduoduo app over malware

Google suspends Pinduoduo app over malware

March 22, 2023

More Articles

Alerts

FANUC security advisory (AV22-214)

April 19, 2022
Alerts

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

September 8, 2021

5G CYBERSECURITY Preparing a Secure Evolution to 5G

March 31, 2021
Incidents

LockBit ransomware gang claims Royal Mail cyberattack

February 7, 2023

Security through data

Cybersecurity Domains

  • API Security
  • Business Continuity
  • Career Development
  • Compliance
  • Cryptography
  • HSM
  • KPIs / KRIs
  • Penetration Testing
  • Shift Left
  • Vulnerability Scan

Emerging Technologies

  • 5G
  • Artificial Intelligence
  • Blockchain
  • Cryptocurrency
  • Deepfake
  • E-Commerce
  • Healthcare
  • IoT
  • Quantum Computing

Frameworks

  • CIS Controls
  • CCPA
  • GDPR
  • NIST
  • 23 NYCRR 500
  • HIPAA

Repository

  • Books
  • Certifications
  • Definitions
  • Documents
  • Entertainment
  • Quotes
  • Reports

Threats

  • APTs
  • DDoS
  • Insider Threat
  • Malware
  • Phishing
  • Ransomware
  • Social Engineering

© 2023 | CyberMaterial | All rights reserved.

World’s #1 Cybersecurity Repository

  • About
  • Legal and Privacy Policy
  • Site Map
No Result
View All Result
  • Audience
    • Cyber Citizens
    • Cyber Professionals
    • Institutions
  • Highlights
    • Blog
    • CyberDecoded
    • Cyber Review
    • CyberStory
    • CyberTips
  • Cyber Risks
    • Alerts
    • Attackers
    • Domains
    • Incidents
    • Threats
  • Opportunities
    • Events
    • Jobs
  • Repository
    • Books
    • Certifications
    • Cheat Sheets
    • Courses
    • Definitions
    • Frameworks
    • Games
    • Hardware Tools
    • Memes
    • Movies
    • Papers
    • Podcasts
    • Quotes
    • Reports
  • Report Cyber Incident
  • GET HELP

Subscribe to our newsletter

© 2022 Cybermaterial - Security Through Data .

Welcome Back!

Sign In with Google
Sign In with Linked In
OR

Forgotten Password? Sign Up

Create New Account!

Sign Up with Google
Sign Up with Linked In
OR

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.