DecryptedTech

Friday12 August 2022

Displaying items by tag: uefi malware

UEFI (Unified Extensible Firmware Interface) was designed to replace the old and outdated BIOS (Baic Input Output System). The older BIOS setup was slow and not very secure. It gave attackers several entry points for infection and persistence at that level. The older BIOS standard was also susceptible to attack and compromise (think the Chernobyl BIOS virus). Something new needed to be put in place to help speed things up and help account for more complex hardware and software. Hence the UEFI was born.

Published in Security Talk

APT group 41 also known as Winnti has been tied to a wonderful new piece of malware that does not infect your operating system, but the UEFI firmware on your device. The malware in question has been dubbed MoonBounce by the security researchers at Kaspersky who are responsible for finding it. APT41 has been in operation for a while and is identified by their tactics techniques and protocols (TTPs) which include stealthy attacks meant to maintain a long-term presence for information gathering on the target.

Published in Security Talk