UEFI rootkits: The first public attack was discovered

UEFI rootkits are considered extremely dangerous tools, as they are difficult to detect, but also because they can "survive" drastic security measures, such as reinstalling the operating system or even replacing the hard drive. . UEFI rootkits

Some UEFI rootkits have been presented as PoCs at security conferences, and perhaps some of them are available to government agencies. However, no UEFI rootkit release has been detected to date. However, ESET reportedly discovered a campaign from the Sednit APT which successfully UEFI rootkits.

The discovery of the first UEFI rootkits is remarkable because it shows that malware is a real threat and is not just an attractive subject of a conference.

ESET's analysis of the Sednit campaign using the UEFI rootkit was presented on September 27 at Microsoft BlueHat 2018 and is detailed in the white paper: “LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group”.

H om;ada Sednit has been operating since at least 2004 and has carried out major attacks on high-profile targets in recent years. For example, the group reportedly carried out the attack on Justice of the USA before the American of 2016. The group is also considered responsible for the attack on the global television network TV5Monde, and more.
The ESET survey found that this particular team managed to install a UEFI rootkit at least once in a flash SPI system. The method is highly invasive, as malware can survive both after reinstalling the operating system and after replacing the hard disk.

The Sednit team used several components of LoJax malware to hit governmental organizations in the Balkans, Central and Eastern Europe.

You can read the entire ESET analysis from the following link

https://www.welivesecurity.com

________________________

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).