
Kaspersky researchers spot malware embedded in UEFI firmware on motherboards of victims’ devices

By Sofia C.

October 7, 2020
2 min read
in Alerts

A China-linked group repurposed Hacking Team’s stealthy spyware. The tool attacks a device’s UEFI firmware, which makes it especially hard to detect and destroy. The experts were investigating several suspicious UEFI firmware images when they discovered four components, some of which borrowed source code from Hacking Team spyware.

At Kaspersky’s Security Analyst Summit this week, researchers Mark Lechtik and Igor Kuznetsov revealed their findings about a dangerous malware sample, which was detected on the PCs of two of Kaspersky’s customers earlier this year. The malware is particularly rare—and dangerous—because it’s engineered to alter a target computer’s Unified Extensible Firmware Interface, the firmware that is used to load the computer’s operating system. Because the UEFI sits on a chip on the computer’s motherboard outside of its hard drive, infections can persist even if a computer’s entire hard drive is wiped or its operating system is reinstalled, making it far harder to detect or remove than normal malware.

The UEFI implant was used to deploy a new piece of malware, a more traditional piece of spyware on the computer’s hard drive, which experts classified as a variant derived from a wider framework that they track as MosaicRegressor. But even if that second-stage payload is discovered and wiped, the UEFI remains infected and can simply deploy it again.

The MosaicRegressor framework was developed for cyber espionage purposes; its modular architecture allows operators to perform multiple actions.

Kaspersky researchers said they found MosaicRegressor components at several dozen entities between 2017 and 2019. The list of victims included NGOs and diplomatic entities in Asia, Africa and Europe.

Researchers speculate the threat actors behind these attacks are linked with the Winnti APT.

Sources: Kaspersky Labs – Wired

© 2022 | CyberMaterial | All rights reserved.
