
UEFI malware rears ugly head again: Kaspersky uncovers campaign with whiff of China

It’s like Hacking Team all over again

Russian antivirus maker Kaspersky has said it uncovered “rogue UEFI firmware images” – malware – seemingly developed by black hats with links to China. The rogue images had been “modified from their benign counterpart to incorporate several malicious modules”, according to a post on Kaspersky’s Securelist blog, which named the attack MosaicRegressor.

“MosaicRegressor is a multi-stage and modular framework aimed at espionage and data gathering. It consists of downloaders, and occasionally multiple intermediate loaders, that are intended to fetch and execute payload on victim machines,” said Kaspersky in a statement.

The firm explained that UEFI firmware is “typically shipped within SPI flash storage that is soldered to the computer’s motherboard”, and thus any malware injected into it is “resistant to OS reinstallation or replacement of the hard drive.” The technique shot to public prominence in 2015 when malware-for-governments purveyor Hacking Team was itself hacked, with details of its firmware-level spyware becoming public knowledge.

The malware-laden MosaicRegressor images were discovered in use as part of a wider campaign targeting charities in Africa, Asia, and Europe, “all showing ties in their activity to North Korea” – though Kaspersky attributed the malicious software to “a Chinese-speaking” person or group, possibly connected to the Winnti hacking crew. A single IP address mentioned in a previous list of suspected C2 infrastructure linked to Winnti gave Kaspersky a clue as to its origins, though no more than that.

“After further analysis we were able to determine that [the UEFI images] were based on the leaked source code of Hacking Team’s VectorEDK bootkit, with minor customizations,” the company added.

The malicious firmware modules wrote…
