China-Linked Hackers Used UEFI Malware in North Korea-Themed Attacks

A threat actor linked to China has used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea, Kaspersky reported on Monday.
Kaspersky researchers analyzed the malware and the malicious activity after stumbling upon several suspicious UEFI firmware images.
The malicious firmware allows the attackers to ensure that the Windows malware cannot be removed from the compromised system: if the malware is removed, it is rewritten to disk unless the malicious firmware is also removed.
There aren't too many known attacks involving UEFI malware.
ESET reported in 2018 that the Russia-linked threat group Fancy Bear had been using a UEFI rootkit in its attacks.