UEFI rootkits are considered extremely dangerous tools, not only because they are difficult to detect, but also because they can "survive" radical security measures such as reinstalling the operating system or even replacing the hard drive.
Some UEFI rootkits have been presented as PoCs at security conferences, and perhaps some are available to government agencies. Until now, however, no UEFI rootkit had been detected in the wild. That changes with ESET's report that it discovered a campaign by the Sednit APT group successfully using a UEFI rootkit.
The discovery of the first in-the-wild UEFI rootkit is notable because it shows that this kind of malware is a real threat and not merely an attractive conference topic.
ESET's analysis of the Sednit campaign using the UEFI rootkit was presented on September 27 at the Microsoft BlueHat 2018 conference and is detailed in the white paper "LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group".
The Sednit group has been active since at least 2004 and has carried out major attacks on high-profile targets in recent years. For example, the group allegedly carried out the attack on the US Department of Justice before the 2016 US elections. The group is also held responsible for the attack on TV5Monde, among many others.
ESET's research found that this group succeeded at least once in installing a UEFI rootkit into a system's SPI flash memory. The method is particularly invasive, as the malware can survive even a reinstallation of the operating system and even a replacement of the hard drive.
The Sednit group used several components of the LoJax malware to hit governmental organizations in the Balkans and in Central and Eastern Europe.
You can read the entire ESET analysis at the following link:
https://www.welivesecurity.com