New MoonBounce UEFI malware used by APT41 in targeted attacks

Security analysts have discovered and linked MoonBounce, "The most advanced" UEFI firmware implant found in the wild so far, to the Chinese-speaking APT41 hacker group.
Kaspersky could not retrieve the payload for analysis, nor determine how the actors infected the UEFI firmware in the first place.
Kaspersky found multiple malware samples and loaders on other machines on the same network, but those were non-UEFI implants.
Kaspersky found plenty of evidence linking MoonBounce to APT41, ranging from the deployment of the ScrambleCross malware itself to unique certificates retrieved from its C2 servers that match previous FBI reports on APT41 activity.
While the U.S. Department of Justice identified and charged five APT41 members in September 2020, the existence of MoonBounce and the operation around it proves the threat actors weren't discouraged by the legal pressure.
APT41 remains a sophisticated threat actor capable of developing evasive tools that bypass even well-defended corporate networks.