Security News > 2020 > October > China-Linked Hackers Used UEFI Malware in North Korea-Themed Attacks
A threat actor linked to China has used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea, Kaspersky reported on Monday.
Kaspersky researchers analyzed the malware and the malicious activity after stumbling upon several suspicious UEFI firmware images.
This allows the attackers to ensure that the Windows malware cannot be removed from the compromised system - the malware is rewritten to disk if removed, unless the malicious firmware is also removed.
There aren't too many known attacks involving UEFI malware.
ESET reported in 2018 that the Russia-linked threat group Fancy Bear had been using a UEFI rootkit in its attacks.
News URL
Related news
- Kimsuky hackers deploy new Linux backdoor in attacks on South Korea (source)
- Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine (source)
- Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber Attacks (source)
- North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (source)
- Microsoft fixes Windows zero-day exploited in QakBot malware attacks (source)
- North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign (source)
- Russian hackers use new Lunar malware to breach a European govt's agencies (source)
- Five charged for cyber schemes to benefit North Korea's weapons program (source)
- Five charged for cyber schemes to benefit North Korea's weapons program (source)
- Five charged for cyber schemes to benefit North Korea's weapons program (source)