China-Linked Hackers Used UEFI Malware in North Korea-Themed Attacks (Security News, October 2020)
A threat actor linked to China has used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea, Kaspersky reported on Monday.
Kaspersky researchers analyzed the malware and the malicious activity after stumbling upon several suspicious UEFI firmware images.
The malicious firmware allows the attackers to ensure that the Windows malware cannot be removed from the compromised system: if it is deleted, it is rewritten to disk, unless the malicious firmware itself is also removed.
Few attacks involving UEFI malware are publicly known.
ESET reported in 2018 that the Russia-linked threat group Fancy Bear had been using a UEFI rootkit in its attacks.