Security News > 2020 > October > China-Linked Hackers Used UEFI Malware in North Korea-Themed Attacks
2020-10-05 14:40
A threat actor linked to China has used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea, Kaspersky reported on Monday.
Kaspersky researchers analyzed the malware and the malicious activity after stumbling upon several suspicious UEFI firmware images.
This allows the attackers to ensure that the Windows malware cannot be removed from the compromised system - the malware is rewritten to disk if removed, unless the malicious firmware is also removed.
There aren't too many known attacks involving UEFI malware.
ESET reported in 2018 that the Russia-linked threat group Fancy Bear had been using a UEFI rootkit in its attacks.
News URL
Related news
- North Korea targets crypto developers via NPM supply chain attack (source)
- China, Russia, Iran, and North Korea Intelligence Sharing (source)
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- I'm a security expert, and I almost fell for a North Korea-style deepfake job applicant …Twice (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)