ESET researchers discover LoJax, the first-ever UEFI rootkit detected in a cyberattack
https://updatesinfosec.blogspot.com/2018/09/eset-researchers-discover-lojax-first.html
Kindly refer to the following link as a follow-up:
https://ift.tt/2DIFWj0

ESET researchers have discovered a cyberattack that used a UEFI rootkit to establish a presence on the victims’ computers. Dubbed LoJax by ESET, this rootkit was part of a campaign run by the infamous Sednit group against several high-profile targets in Central and Eastern Europe and is the first-ever publicly known attack of this kind.

“Although, in theory we were aware that UEFI rootkits existed, our discovery confirms they are used by an active APT group. So they are no longer just an attractive topic at conferences, but a real threat,” comments Jean-Ian Boutin, ESET senior security researcher who led the research into LoJax and Sednit’s campaign.

UEFI rootkits are extremely dangerous, formidable tools for launching cyberattacks. They serve as a key to the whole computer, are hard to detect, and are able to survive cybersecurity measures such as reinstallation of the operating system or even a hard disk replacement. Moreover, even cleaning a system that was infected with a UEFI rootkit requires knowledge well beyond the reach of a typical user, such as flashing the firmware.

Sednit, also known as APT28, STRONTIUM, Sofacy or Fancy Bear, is one of the most active APT groups and has been operating since at least 2004. Allegedly, the Democratic National Committee hack that affected the 2016 US elections, the hacking of global television network TV5Monde, the World Anti-Doping Agency email
leak, and many [...]