Security News > 2022 > June > Conti ransomware targeted Intel firmware for stealthy attacks

Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks.
It is important to note that contrary to TrickBot's module that targeted UEFI firmware flaws, aiding Conti infections and later undertaken by the ransomware group, the new findings indicate that the malicious engineers were striving to discover new, unknown vulnerabilities in the ME. Firmware attacks in ransomware.
For a firmware attack to be possible, the ransomware actors would first need to access the system via a common pathway such as phishing, exploiting a vulnerability, or performing a supply chain attack.
Conti could use this attack flow to brick systems permanently, gain ultimate persistence, evade anti-virus and EDR detections, and bypass all security controls at the OS layer.
While the Conti operation appears to have shut down, many of its members have moved to other ransomware operations where they continue to conduct attacks.
As the researchers explain, Conti had a working PoC for these attacks since last summer, so it's likely that they already had the chance to employ it in actual attacks.
News URL
Related news
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Lee Enterprises newspaper disruptions caused by ransomware attack (source)
- Southern Water says Black Basta ransomware attack cost £4.5M in expenses (source)
- Qilin ransomware claims attack at Lee Enterprises, leaks stolen data (source)
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hunters International ransomware claims attack on Tata Technologies (source)
- Toronto Zoo shares update on last year's ransomware attack (source)