Researchers uncovered a stealthy UEFI rootkit that’s being used in highly targeted campaigns by a notorious Chinese cyberespionage group with suspected government ties. The group is known for using software supply-chain attacks in the past. Dubbed MoonBounce by researchers from Kaspersky Lab, the implant’s goal is to inject a malicious driver into the Windows kernel during the booting stages, providing attackers with a high level of persistence and stealthiness.
While MoonBounce is not the first UEFI rootkit found in the wild — LoJax, MosaicRegressor are two examples– these types of implants are not common because they require knowledge of low-level firmware programming. They are typically found in the arsenal of well-resourced and sophisticated attacker groups.
More Stories
Ransomware Attacks Surge to Record High in December 2024
NCC Group observed 574 global ransomware attacks in December, the highest monthly volume it has recorded Read More
AI Will Write Complex Laws
Artificial intelligence (AI) is writing law today. This has required no changes in legislative procedure or the rules of legislative...
Major Cybersecurity Vendors’ Credentials Found on Dark Web
Cyble has found thousands of security vendors' credentials on the dark web, likely pulled from infostealer logs Read More
Account Compromise and Phishing Top Healthcare Security Incidents
Netwrix claims 84% of healthcare organizations detected a cyber-attack in the past year Read More
Cloudflare Mitigates Record-Breaking 5.6Tbps DDoS Attack
Cloudflare warns of a surge in hyper-volumetric DDoS after revealing it stopped a massive 5.6Tbps attack Read More
Half a million hotel guests at risk after hackers accessed sensitive data
The personal information of almost half a million people is now in the hands of hackers after a security breach...