Cybersecurity Researchers Spotted First-Ever UEFI Rootkit in the Wild by Swati Khandelwal.
From the post:
Cybersecurity researchers at ESET have unveiled what they claim to be the first-ever UEFI rootkit being used in the wild, allowing hackers to implant persistent malware on the targeted computers that could survive a complete hard-drive wipe.
Dubbed LoJax, the UEFI rootkit is part of a malware campaign conducted by the infamous Sednit group, also known as APT28, Fancy Bear, Strontium, and Sofacy, to target several government organizations in the Balkans as well as in Central and Eastern Europe.
Operating since at least 2007, Sednit group is a state-sponsored hacking group believed to be a unit of GRU (General Staff Main Intelligence Directorate), a Russian secret military intelligence agency. The hacking group has been associated with a number of high profile attacks, including the DNC hack just before the U.S. 2016 presidential election.
UEFI, or Unified Extensible Firmware Interface, a replacement for the traditional BIOS, is a core and critical firmware component of a computer, which links a computer’s hardware and operating system at startup and is typically not accessible to users.
…
Khandelwal has a great explanation of LoJax with pointers to more detailed information.
At present the result of governmental development, it’s not unreasonable to expect LoJax to become commodity malware in a period of a year or two, perhaps less. Not unlike the first atomic bomb. The first one was true research, the second one and following, were matters of engineering.
Any number of governments and corporations merit being gifted with installations of LoJax.
Watching the anti-woman antics in the US Senate this week, made me think of several likely targets.