Researchers uncovered a stealthy UEFI rootkit that’s being used in highly targeted campaigns by a notorious Chinese cyberespionage group with suspected government ties. The group is known for using software supply-chain attacks in the past. Dubbed MoonBounce by researchers from Kaspersky Lab, the implant’s goal is to inject a malicious driver into the Windows kernel during the booting stages, providing attackers with a high level of persistence and stealthiness.
While MoonBounce is not the first UEFI rootkit found in the wild — LoJax, MosaicRegressor are two examples– these types of implants are not common because they require knowledge of low-level firmware programming. They are typically found in the arsenal of well-resourced and sophisticated attacker groups.
To read this article in full, please click here
More Stories
Live Video of Promachoteuthis Squid
The first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile. Blog...
YubiKey Side-Channel Attack
There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack,...
Spyware Vendors’ Nebulous Ecosystem Helps Them Evade Sanctions
The secret web of at least 435 entities across 42 countries making up the spyware landscape facilitates unpunished security and...
US and Allies Accuse Russian Military of Destructive Cyber-Attacks
The joint government advisory highlighted the cyber activities of Unit 29155, which has launched destructive cyber-attacks against critical infrastructure globally...
PyPI Revival Hijack Puts Thousands of Applications at Risk
Revival Hijack Python Package Index supply chain attack threatens 22,000 packages through malicious downloads Read More
Security Budgets Come Under Pressure as “Hypergrowth” Ends
Despite rising threats researchers find a third of firms see flat or falling security budgets and hiring slows Read More