Rare Bootkit Malware Targets North Korea-Linked Diplomats (Security News, October 2020)

Kaspersky observed several dozen victims who received components from the MosaicRegressor framework between 2017 and 2019 - all of whom had ties to North Korea.
"UEFI firmware makes for a perfect mechanism of persistent malware storage," Kaspersky researchers explained.
Delving even deeper, they found that the components were all based on a customized version of the leaked source code of HackingTeam's VectorEDK bootkit. This customized code serves as a first-stage tool to deploy the main bootkit component, SmmAccessSub, later in the attack chain.
Kaspersky did uncover one example of a late-stage component, an info-stealer called "Load.rem." It fetches files from the "Recent Documents" directory and archives them with a password, "Likely as a preliminary step before exfiltrating the result to the C2 by another component," according to Kaspersky.
News URL: https://threatpost.com/bootkit-malware-north-korea-diplomats/159846/