A new Unified Extensible Firmware Interface (UEFI) firmware rootkit called CosmicStrand, which resides in firmware images of Gigabyte or ASUS motherboards, has been attributed to unknown Chinese-speaking hackers, according to researchers at the cybersecurity company Kaspersky. "We noticed that all these images are related to designs using the H81 chipset," said the researchers. "This suggests that a common vulnerability may exist that allowed the attackers to inject their rootkit into the firmware's image."
The attacks aim to interfere with the operating system loading process in order to deploy a kernel-level implant on a Windows machine every time it boots. The rootkit uses this access to launch shellcode that connects to a remote server to retrieve the malware to be deployed on the system. Researchers noted that CosmicStrand appears to have been used in the wild since the end of 2016, before UEFI rootkit exploits began to be publicly detailed.
From The Hacker News
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA