Experts Uncover New 'CosmicStrand' UEFI Firmware Rootkit Used by Chinese Hackers

Thu, 28 Jul 2022 7:14:00 Dan

"The rootkit is located in the firmware images of Gigabyte or ASUS motherboards, and we noticed that all these images are related to designs using the H81 chipset," Kaspersky researchers said in a new report published today. "This suggests that a common vulnerability may exist that allowed the attackers to inject their rootkit into the firmware's image."

Victims identified are said to be private individuals located in China, Vietnam, Iran, and Russia, with no discernible ties to any organization or industry vertical.

Rootkits, which are malware implants that are capable of embedding themselves in the deepest layers of the operating system, have morphed from a rarity to an increasingly common occurrence in the threat landscape, equipping threat actors with stealth and persistence for extended periods of time.

About the author

Dan

Dan

 

I'm a long-time user and enthusiast of open source software and espouse the philosophy that software code should be open (readable). So that everyone can see what happens behind the scenes while we use our electronic devices every day.