Third Firmware Bootkit Discovered

January 20, 2022

Cybersecurity researchers at Kaspersky have discovered a third known case of a firmware bootkit in the wild.

The kit, which first appeared in the wild in the spring of 2021, has been named MoonBounce. Researchers are confident that the campaign is the work of the well-known Chinese-speaking advanced persistent threat (APT) actor APT41.

MoonBounce demonstrates a more complicated attack flow and greater technical sophistication than the previously discovered bootkits LoJax and MosaicRegressor.


The malicious implant was observed hiding inside the CORE_DXE component of the Unified Extensible Firmware Interface (UEFI) firmware. UEFI firmware is critical because its code is responsible for booting up a device and passing control to the software that loads the operating system (OS).

Once MoonBounce's components have made their way into the operating system, they reach out to a command and control server to retrieve further malicious payloads, which Kaspersky researchers were unable to retrieve.

The code that boots the device is stored in a non-volatile component external to the hard drive, known as the Serial Peripheral Interface (SPI) flash.

Researchers noted that bootkits of this type are extremely hard to detect because the code they target is located outside the device's hard drive, in an area that most security solutions do not scan by default.

Firmware bootkits are also hard to remove. They cannot be eliminated simply by reformatting a hard drive or reinstalling an OS, because the code runs before the operating system is loaded.
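Because the implant lives in SPI flash rather than on disk, the practical check is to dump the flash (for example with flashrom or chipsec) and compare it, file by file, against a known-good image of the same firmware build. The script below is an added example written for this page; it is not Kaspersky's tooling or code from the article. It walks the EFI firmware volumes in an image, hashes every FFS file, and reports which files differ from a baseline. The two images it runs on are constructed in the script (a "vendor" volume and a copy in which the DXE core file has been patched); the second file GUID and both payloads are made up for illustration, and the script assumes the image has no compression or nested volumes, which real firmware usually has.

```python
"""Inventory and diff the FFS files inside the firmware volumes of a UEFI image.
Added example for this page, not vendor or Kaspersky code. Assumes flat,
uncompressed firmware volumes (real images usually also need decompression)."""
import hashlib
import struct
import uuid

FV_SIGNATURE = b"_FVH"  # at offset 0x28 of EFI_FIRMWARE_VOLUME_HEADER
FFS_HEADER_LEN = 24     # size of EFI_FFS_FILE_HEADER
FFS_TYPE_NAMES = {0x05: "DXE_CORE", 0x07: "DRIVER", 0xF0: "PAD"}


def find_volumes(image):
    """Return (offset, fv_length, header_length) for every firmware volume."""
    vols, pos = [], 0
    while (idx := image.find(FV_SIGNATURE, pos)) != -1:
        start = idx - 0x28
        if start >= 0 and start + 56 <= len(image):
            fv_len, = struct.unpack_from("<Q", image, start + 0x20)
            hdr_len, = struct.unpack_from("<H", image, start + 0x30)
            if 56 <= hdr_len <= fv_len <= len(image) - start:
                vols.append((start, fv_len, hdr_len))
                pos = start + fv_len  # skip past this volume
                continue
        pos = idx + 1  # false hit on the signature bytes; keep scanning
    return vols


def list_files(image, fv_start, fv_len, hdr_len):
    """Walk the FFS files of one volume; returns (guid, type, payload) tuples."""
    files, pos, end = [], fv_start + hdr_len, fv_start + fv_len
    while pos + FFS_HEADER_LEN <= end:
        hdr = image[pos:pos + FFS_HEADER_LEN]
        if hdr == b"\xff" * FFS_HEADER_LEN:  # erased free space: no more files
            break
        guid = str(uuid.UUID(bytes_le=hdr[:16]))
        ftype = hdr[18]
        size = int.from_bytes(hdr[20:23], "little")  # 24-bit size incl. header
        if size < FFS_HEADER_LEN or pos + size > end:
            break  # corrupt header: stop rather than read past the volume
        files.append((guid, ftype, bytes(image[pos + FFS_HEADER_LEN:pos + size])))
        pos = fv_start + ((pos - fv_start + size + 7) & ~7)  # files are 8-byte aligned
    return files


def inventory(image):
    """Map 'fv_offset:guid' -> (type name, sha256 of payload) for all files."""
    inv = {}
    for start, fv_len, hdr_len in find_volumes(image):
        for guid, ftype, data in list_files(image, start, fv_len, hdr_len):
            name = FFS_TYPE_NAMES.get(ftype, f"type_{ftype:#04x}")
            inv[f"{start:#x}:{guid}"] = (name, hashlib.sha256(data).hexdigest())
    return inv


def diff_against_baseline(baseline, current):
    """Files whose hash changed, files only in current, files only in baseline."""
    changed = sorted(k for k in baseline.keys() & current.keys()
                     if baseline[k][1] != current[k][1])
    return changed, sorted(current.keys() - baseline.keys()), sorted(baseline.keys() - current.keys())


def build_sample_volume(files):
    """Build a minimal FFS2 firmware volume (constructed test data, not a real dump)."""
    body = b""
    for guid, ftype, data in files:
        size = FFS_HEADER_LEN + len(data)
        hdr = (uuid.UUID(guid).bytes_le + struct.pack("<HBB", 0, ftype, 0)
               + size.to_bytes(3, "little") + b"\xf8")
        body += hdr + data
        body += b"\xff" * ((-len(body)) % 8)  # pad to 8-byte alignment
    body += b"\xff" * 64  # trailing erased space
    hdr_len = 56 + 16  # fixed header + one block-map entry + terminator
    fv_len = hdr_len + len(body)
    header = (b"\x00" * 16 + uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3").bytes_le
              + struct.pack("<Q4sIHHHBB", fv_len, FV_SIGNATURE, 0, hdr_len, 0, 0, 0, 2)
              + struct.pack("<IIII", 1, fv_len, 0, 0))
    return header + body


DXE_CORE_GUID = "d6a2cb7f-6a18-4e2f-b43b-9920a733700a"  # EDK II DxeCore file GUID
VENDOR_FILES = [  # constructed sample content
    (DXE_CORE_GUID, 0x05, b"DXE core code: dispatch drivers"),
    ("11111111-2222-4333-8444-555555555555", 0x07, b"some vendor DXE driver"),
]
VENDOR_IMAGE = build_sample_volume(VENDOR_FILES)
PATCHED_IMAGE = build_sample_volume([  # same layout, DXE core payload patched
    (DXE_CORE_GUID, 0x05, VENDOR_FILES[0][2] + b" + injected hook"),
    VENDOR_FILES[1],
])


def check_sample():
    return diff_against_baseline(inventory(VENDOR_IMAGE), inventory(PATCHED_IMAGE))


if __name__ == "__main__":
    changed, added, missing = check_sample()
    print("changed:", changed, "added:", added, "missing:", missing)
```

The baseline must come from a trusted source (the vendor's update capsule, or a dump taken before deployment), and a hash match only shows the flash content is unchanged, not that the vendor image was clean to begin with. On real hardware, Boot Guard or a measured boot log is the stronger control; this diff is the check you run when those are absent or when an alert from them needs to be triaged.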

"The infection chain itself does not leave any traces on the hard drive, since its components operate in memory only, thus facilitating a fileless attack with a small footprint," noted the researchers.

While investigating MoonBounce, the researchers appeared to detect a link between the bootkit and the Microcin malware used by the SixLittleMonkeys threat actor.

"While we can't definitely connect the additional malware implants found during our research to MoonBounce specifically, it does appear as if some Chinese-speaking threat actors are sharing tools with one another to aid in their various campaigns; there especially seems to be a low confidence link between MoonBounce and Microcin," said Denis Legezo, senior security researcher with GReAT (Kaspersky's Global Research and Analysis Team).


Some parts of this article are sourced from:
www.infosecurity-journal.com


Copyright © TheCyberSecurity.News, All Rights Reserved.