Friday, 28 September 2018

Researchers find UEFI rootkit that is actively being abused.


ESET researchers have shown that the Sednit operators (the group also tracked as APT28 or Fancy Bear) used different components of the LoJax malware to target a few government organizations in the Balkans as well as in Central and Eastern Europe. What sets this malware apart is that it is a rootkit that lodges itself in the UEFI firmware held in the motherboard's SPI flash chip rather than on disk: swapping the SSD or installing a fresh copy of Windows does not remove it, because the malicious UEFI module runs from firmware at every boot and drops its Windows components onto the new installation.

UEFI rootkits are widely viewed as extremely dangerous tools for implementing cyberattacks, as they are hard to detect and able to survive security measures such as operating system reinstallation and even a hard disk replacement. Some UEFI rootkits have been presented as proofs of concept; some are known to be at the disposal of (at least some) governmental agencies. However, no UEFI rootkit has ever been detected in the wild – until we discovered a campaign by the Sednit APT group that successfully deployed a malicious UEFI module on a victim’s system.

ESET's researchers describe three distinct tools found on a victim's computer. The first two handle reconnaissance: one collects details about the platform's firmware configuration, the other reads the SPI flash memory chip, where the UEFI firmware is located, and saves a complete copy of the image to a file. The third tool adds the malicious UEFI module to that image and writes the patched firmware back to the SPI flash. That last step only works when the platform's firmware write protections are absent or incomplete, and the module itself is unsigned, so a machine with Secure Boot enabled would refuse to load it; enabling Secure Boot is the primary defense ESET recommends.
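Reading the SPI flash is also how a defender establishes a baseline: dump the firmware from a known-good machine, dump it again later, and compare. The script below is an added example, not code from ESET's report or from the Guru3D article. It walks a raw flash dump for UEFI firmware volume headers (the `_FVH` signature sits at offset 40 of each EFI_FIRMWARE_VOLUME_HEADER, as defined in the UEFI PI specification), validates the header's 16-bit checksum, hashes each volume, and reports which volumes changed between a known-good dump and a suspect one. Both flash images are constructed inside the script so it runs offline; a real dump would come from a tool such as flashrom or chipsec, and the volume payloads here are placeholder bytes, not firmware code.

```python
"""Find UEFI firmware volumes in a raw SPI flash dump and diff two dumps.

Added example (not from ESET's report or the Guru3D article). The two flash
images at the bottom are constructed in this file; a real dump would come from
a tool such as flashrom or chipsec. Header layout follows the UEFI PI spec's
EFI_FIRMWARE_VOLUME_HEADER; the payloads are placeholder bytes, not real code.
"""
import hashlib
import struct
import uuid

FV_SIGNATURE = b"_FVH"                # EFI_FVH_SIGNATURE, at offset 40 of the header
FV_HEADER_FMT = "<16s16sQ4sIHHHBB"    # fixed part of EFI_FIRMWARE_VOLUME_HEADER (56 bytes)
FV_FIXED_LEN = struct.calcsize(FV_HEADER_FMT)
FV_REVISION = 2                       # EFI_FVH_REVISION
FFS2_GUID = uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3")  # EFI_FIRMWARE_FILE_SYSTEM2_GUID


def header_checksum16(data):
    """Sum of little-endian 16-bit words mod 2**16; a valid FV header sums to 0."""
    nwords = len(data) // 2
    return sum(struct.unpack("<%dH" % nwords, data[:nwords * 2])) & 0xFFFF


def find_volumes(image):
    """Return (offset, length, header_ok) for each plausible firmware volume in image."""
    volumes, pos = [], 0
    while True:
        sig = image.find(FV_SIGNATURE, pos)
        if sig < 0:
            break
        start = sig - 40
        if start < 0 or start + FV_FIXED_LEN > len(image):
            pos = sig + 1
            continue
        (_zero, _fs_guid, fv_len, _sig, _attrs, hdr_len, _csum,
         _ext_off, _res, revision) = struct.unpack_from(FV_HEADER_FMT, image, start)
        # Reject "_FVH" strings that merely occur inside data: lengths must be sane,
        # the volume must fit in the image and the revision must be the PI one.
        plausible = (fv_len >= hdr_len >= FV_FIXED_LEN
                     and start + fv_len <= len(image)
                     and revision == FV_REVISION)
        if not plausible:
            pos = sig + 1
            continue
        header_ok = header_checksum16(image[start:start + hdr_len]) == 0
        volumes.append((start, fv_len, header_ok))
        pos = start + fv_len       # volumes are contiguous; skip past this one
    return volumes


def volume_digests(image):
    """Map volume offset -> (SHA-256 of the whole volume, header_ok)."""
    return {off: (hashlib.sha256(image[off:off + ln]).hexdigest(), ok)
            for off, ln, ok in find_volumes(image)}


def diff_dumps(baseline, suspect):
    """List (offset, reason) for volumes that differ between a known-good and a fresh dump."""
    base, susp = volume_digests(baseline), volume_digests(suspect)
    findings = []
    for off in sorted(set(base) | set(susp)):
        if off not in susp:
            findings.append((off, "volume missing in suspect dump"))
            continue
        if off not in base:
            findings.append((off, "volume not present in baseline"))
        elif base[off][0] != susp[off][0]:
            findings.append((off, "volume content differs"))
        if not susp[off][1]:
            findings.append((off, "volume header checksum invalid"))
    return findings


def build_volume(payload):
    """Construct a minimal FV: fixed header, one block-map entry, terminator, payload."""
    hdr_len = FV_FIXED_LEN + 8 + 8
    fv_len = hdr_len + len(payload)
    block_map = struct.pack("<II", 1, fv_len) + struct.pack("<II", 0, 0)

    def header(csum):
        return struct.pack(FV_HEADER_FMT, b"\0" * 16, FFS2_GUID.bytes_le, fv_len,
                           FV_SIGNATURE, 0, hdr_len, csum, 0, 0, FV_REVISION) + block_map

    fix = (-header_checksum16(header(0))) & 0xFFFF   # make the header words sum to zero
    return header(fix) + payload


ERASED = b"\xff" * 64   # unused flash reads back as 0xFF
GOOD_IMAGE = (ERASED + build_volume(b"PEI core and DXE drivers (constructed)")
              + ERASED + build_volume(b"NVRAM variable store (constructed)") + ERASED)
# Same-size change inside the DXE volume, standing in for an added firmware module.
TAMPERED_IMAGE = GOOD_IMAGE.replace(b"PEI core and DXE drivers (constructed)",
                                    b"PEI core and DXE drivers + implant.efi")

if __name__ == "__main__":
    for off, ln, ok in find_volumes(GOOD_IMAGE):
        print("volume at 0x%x, %d bytes, header %s" % (off, ln, "ok" if ok else "BAD"))
    print("clean vs clean:", diff_dumps(GOOD_IMAGE, GOOD_IMAGE))
    print("clean vs tampered:", diff_dumps(GOOD_IMAGE, TAMPERED_IMAGE))
```

Hashing whole volumes is deliberately coarse: vendor firmware legitimately rewrites the NVRAM volume on every boot, so in practice you compare the code-carrying volumes and treat a change in those, or a header that no longer checksums, as the signal to extract the volume with a tool such as UEFITool and look at which files were added or modified.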



Full story at Guru 3D.
By Hilbert Hagedoorn.
