Technology
Russian hackers are taking their cyber warfare to the next level
Russian hackers are upping the ante of their cyberattacks.
The next level of cyber warfare may not be here thanks to the latest weapon being utilized by Russian hackers.
Researchers with the cybersecurity company ESET have discovered what is believed to be the first known UEFI rootkit malware used in a cyber attack. In a blog post, ESET explains:
“The discovery of the first in-the-wild UEFI rootkit is notable for two reasons. First, it shows that UEFI rootkits are a real threat, and not merely an attractive conference topic. And second, it serves as a heads-up, especially to all those who might be in the crosshairs of Sednit. This APT group, also known as APT28, STRONTIUM, Sofacy and Fancy Bear, may be even more dangerous than previously thought.”
If the name “Fancy Bear” sounds familiar, it’s because they’re the hacking group embedded in Russia’s GRU intelligence agency that has been found responsible for the 2016 DNC emails hack and various misinformation campaigns surrounding the US elections. Earlier this summer, special counsel Robert Mueller indicted a number of Russian nationals with the Fancy Bear hacking group for their role in these attacks.
Previously these Russian hackers had deployed various methods ranging from social engineering to spear-phishing emails as the means of their attacks. This discovery of sophisticated rootkit malware being deployed takes this all to a whole new level.
This instance of malware has been dubbed LoJax as it copies portions of LoJack’s Absolute LoJack software, which is intended to find stolen laptops and remotely wipe the hard drive of a missing computer. Because of this, this rootkit malware only affects PCs.
The main issue with rootkit malware is that it embeds itself into a computer’s firmware and can’t be easily removed. Reinstalling the operating system or replacing the hard drive of the computer will not cut off the hackers’ access to the device. In fact, according to ESET, the main two options of recourse once infected is to manually reflash a computer’s memory with new firmware, which is a fairly difficult, technical process, or to just completely replace the computer’s motherboard. Basically, if a computer is compromised by LoJax, your best option is probably to toss that computer in the trash.
According to ESET, different components of the LoJax malware has already been discovered in attacks deployed against “a few government organizations in the Balkans as well as in Central and Eastern Europe. ESET’s investigation concluded that the hackers were ”successful at least once in writing a malicious UEFI module into a system’s SPI flash memory.”
This discovery should serve as a warning that the hacking threat is only escalating as malicious actors look to fool-proof future methods of attack.
!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;
n.push=n;n.loaded=!0;n.version=’2.0′;n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,
document,’script’,’https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘1453039084979896’);
if (window.mashKit) {
mashKit.gdpr.trackerFactory(function() {
fbq(‘track’, “PageView”);
}).render();
}
-
Business7 days ago
London’s first defense tech hackathon brings Ukraine war closer to the city’s startups
-
Entertainment7 days ago
Mark Zuckerberg has found a new sense of style. Why?
-
Business6 days ago
Humanoid robots are learning to fall well
-
Entertainment6 days ago
2024 summer TV preview: 33 TV shows to watch this summer
-
Business5 days ago
Google Gemini: Everything you need to know about the new generative AI platform
-
Entertainment5 days ago
‘Bridgerton’: Everything you need to remember before Season 3
-
Business3 days ago
Haun Ventures is riding the bitcoin high
-
Entertainment3 days ago
Hands-on with the Claude AI app: It’s pleasant to use, but janky