Russian Fancy Bear Hacking Group Takes Advantage of UEFI Rootkit

December 24, 2018

What is the issue?

Many of us are aware that cybercrime grows as quickly as technology improves. UEFI is replacing the legacy BIOS as the firmware on most computers and motherboards, and with this newer firmware comes a weakness that attackers can exploit. Once a machine is infected with this rootkit, it is extremely difficult to clean.

How Hard Can It Be?

Not even general anti-malware software can detect it once it has taken a deep seat within the UEFI firmware. To give you an overview: no matter how many times you reformat and/or replace the hard drive, the malware can be reinjected despite a fresh install of the operating system. Why? Because the UEFI firmware is where the malicious code is injected.

More about the Malware

“LoJax” is the name of the agent that infects both the operating system and the firmware, with the firmware being its root location. Originally, LoJax was known as Computrace, a security software used to track a stolen laptop in the event of theft. It calls a specific server to report the device's location.

Why is it resilient? Since its original function was to give away the location of a device once stolen, it was built to ensure that the tracking capability keeps functioning. However, now that a hacker group such as Fancy Bear has been able to alter the code and turn it into a malicious one, it may become a new wave of infection technique that not everyone is aware of.

The method or technique has been known for a while: the concept was already being discussed in the past, when leaked files showed that both the CIA and the independent exploit-discovery company Hacking Team had the capability.

How Not To Get Infected

There are two known methods:

  1. Ensure that your device is new, because older devices that use UEFI are the most likely to be vulnerable.
  2. Use the Windows Secure Boot feature, as this feature ensures that the firmware image on the machine matches the one from the manufacturer.
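As an added example (not from the original article), the following POSIX shell script shows how a defender can verify the second mitigation on a Linux host: it checks whether the machine booted via UEFI and reads the Secure Boot state from the efivarfs variable. It assumes the standard efivarfs layout (a 4-byte attribute header followed by the variable data) and the EFI global-variable GUID for `SecureBoot`; the `EFIVARS_DIR` override is a convenience for testing against a constructed directory.

```shell
#!/bin/sh
# Added example: report UEFI firmware type and Secure Boot state on Linux.
# efivarfs exposes each variable as a file: 4 bytes of little-endian
# attributes, then the variable data. For SecureBoot the data is one byte
# (1 = enabled, 0 = disabled).

EFIVARS_DIR="${EFIVARS_DIR:-/sys/firmware/efi/efivars}"
# EFI_GLOBAL_VARIABLE GUID used by the SecureBoot variable
SECUREBOOT_VAR="SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# secureboot_state FILE -> prints "enabled", "disabled" or "unknown"
# Returns 1 when the file is missing, unreadable, or malformed.
secureboot_state() {
    file="$1"
    [ -r "$file" ] || { echo "unknown"; return 1; }
    # Skip the 4 attribute bytes and read the first data byte as decimal.
    byte=$(dd if="$file" bs=1 skip=4 count=1 2>/dev/null | od -An -tu1 | tr -d ' ')
    case "$byte" in
        1) echo "enabled" ;;
        0) echo "disabled" ;;
        *) echo "unknown"; return 1 ;;
    esac
}

# secureboot_report -> human-readable summary for the running machine
secureboot_report() {
    if [ ! -d /sys/firmware/efi ]; then
        echo "firmware: legacy BIOS (no UEFI runtime services exposed)"
        return 0
    fi
    echo "firmware: UEFI"
    echo "secure boot: $(secureboot_state "$EFIVARS_DIR/$SECUREBOOT_VAR")"
}

secureboot_report
```

A result of "disabled" or "unknown" on a UEFI machine means the firmware is not enforcing signature checks on boot components, so it should be treated as a finding to follow up on rather than a pass.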