Security News > 2022 > January > New MoonBounce UEFI malware used by APT41 in targeted attacks
Security analysts have discovered and linked MoonBounce, "The most advanced" UEFI firmware implant found in the wild so far, to the Chinese-speaking APT41 hacker group.
Kaspersky couldn't retrieve that payload for analysis or figure out how exactly the actors infected the UEFI firmware in the first place.
Kaspersky found multiple malware samples and loaders in other machines in the same network, but those were non-UEFI implants.
Kaspersky found plenty of evidence linking MoonBounce to APT41, ranging from the deployment of the ScrambleCross malware itself to unique certificates retrieved from its C2 servers which match previous FBI reports on APT41 activity.
While the U.S. Department of Justice identified and charged five APT41 members in September 2020, the existence of MoonBounce and the operation around it proves the threat actors weren't discouraged by the legal pressure.
APT41 remains a sophisticated threat actor who can develop evasive tools that bypass even the most impenetrable corporate networks.
News URL
Related news
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
- Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader (source)
- New Android malware steals your credit cards for NFC relay attacks (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks (source)
- SK Telecom warns customer USIM data exposed in malware attack (source)