Researchers at Kaspersky discovered a modified version of a leaked Hacking Team tool used against two diplomatic targets in Asia, WIRED reports. Hacking Team was a controversial offensive security company based in Italy that suffered a devastating data breach in 2015 that exposed many of its hacking tools. One of these tools, a bootkit dubbed "VectorEDK," served as the basis for the malware found by Kaspersky.

The new bootkit differs only slightly from VectorEDK, but it deploys a previously unobserved strain of malware rather than one of Hacking Team's backdoors. This malware is designed to steal data, and is part of a larger malware framework that Kaspersky has named "MosaicRegressor." BleepingComputer observes that this is only the second UEFI bootkit ever discovered in the wild (the first being LoJax, attributed by ESET to Russia's APT28). This type of malware modifies the device's Unified Extensible Firmware Interface (UEFI), the firmware that boots up the operating system, so that the device will be reinfected even if the hard drive or operating system is replaced.

The researchers don't know how exactly the bootkit is placed on a system, although they note that Hacking Team's VectorEDK relied on an attacker physically plugging a USB key into the target device. They also point out that the malware could have been placed remotely if the attackers were able to compromise the firmware update mechanism, but this remains speculation.

MosaicRegressor, the malware installed by the bootkit, has been used to target "several dozen victims" between 20, all of whom had some connection to North Korea. The victims were diplomatic and NGO targets in Asia, Africa, and Europe. The UEFI bootkit was used against two of these targets. The researchers believe a Chinese-speaking threat actor is behind the attacks, and they estimate "with low confidence" that the actor has previously used a Winnti backdoor.
Fileless attack using Windows Error Reporting.
BlackTech deploys new malware in espionage campaign.
UEFI malware based on Hacking Team tool.