Kaspersky's researchers have uncovered the third case of a firmware bootkit in the wild. The bootkit, dubbed MoonBounce, is a malicious implant hidden within a computer's Unified Extensible Firmware Interface (UEFI) firmware, an essential part of the machine. Kaspersky says such implants are notoriously difficult to remove and have limited visibility to security products. Having first appeared in the wild in the spring of 2021, MoonBounce demonstrates a sophisticated attack flow, with evident advancement over previously reported UEFI firmware bootkits. Kaspersky's researchers have attributed the attack with considerable confidence to the well-known advanced persistent threat (APT) actor APT41.

The UEFI firmware is a critical component in most modern machines: its code is responsible for booting the device and passing control to the software that loads the operating system. This code rests in SPI flash, non-volatile storage external to the hard disk. If the firmware contains malicious code, that code is launched before the operating system, which makes malware implanted by a firmware bootkit especially difficult to delete: it cannot be removed simply by reformatting the hard drive or reinstalling the OS. Moreover, because the code is located outside the hard drive, such a bootkit's activity goes virtually undetected by most security solutions unless they have a feature that specifically scans this part of the device. MoonBounce is only the third reported UEFI bootkit found in the wild.