- Aug 17, 2014
Read more: Chinese hacker group spotted using a UEFI bootkit in the wild | ZDNetA Chinese-speaking hacking group has been observed using a UEFI bootkit to download and install additional malware on targeted computers.
UEFI firmware it is a crucial component for every computer. This crucial firmware inside a flash memory bolted to the motherboard and controls all the computer's hardware components and helps boot the actual user-facing OS (such as Windows, Linux, macOS, etc.).
Attacks on UEFI firmware are the Holy Grail of every hacker group, as planting malicious code here allows it to survive OS reinstalls.
Nonetheless, despite these benefits, UEFI firmware attacks are rare because tampering with this component is particularly hard as attackers either need physical access to the device or they need to compromise targets via complex supply chain attacks where the UEFI firmware or tools that work with UEFI firmware are modified to insert malicious code.
In a talk at the SAS virtual security conference today, security researchers from Kaspersky said they detected the second known instance of a widespread attack leveraging malicious code implanted in the UEFI.
Full report by researchers from Kaspersky: MosaicRegressor: Lurking in the Shadows of UEFI