Security News > 2020 > October > China-Linked Hackers Used UEFI Malware in North Korea-Themed Attacks
2020-10-05 14:40
A threat actor linked to China has used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea, Kaspersky reported on Monday.
Kaspersky researchers analyzed the malware and the malicious activity after stumbling upon several suspicious UEFI firmware images.
This allows the attackers to ensure that the Windows malware cannot be removed from the compromised system - the malware is rewritten to disk if removed, unless the malicious firmware is also removed.
There aren't too many known attacks involving UEFI malware.
ESET reported in 2018 that the Russia-linked threat group Fancy Bear had been using a UEFI rootkit in its attacks.
News URL
Related news
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Feds reach for sliver of crypto-cash nicked by North Korea's notorious Lazarus Group (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- China again claims Volt Typhoon cyber-attack crew was invented by the US to discredit it (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)