China-Linked Hackers Used UEFI Malware in North Korea-Themed Attacks
Kaspersky researchers released new information regarding a Chinese threat actor and their use of UEFI malware in attacks targeting organizations with a relationship to North Korea. On Monday, Kaspersky announced that they had analyzed the malware and malicious activity after discovering suspicious UEFI firmware images. The investigation revealed components based on source code leaked in 2015 by a cybercriminal who was able to breach the systems of an Italian surveillance solutions organization.
Although Kaspersky has not figured out how the threat actors were able to rewrite the firmware, it is possible that the deployment involved physical access to the targeted device via a USB key. Kaspersky stated that it is important not to rule out other possibilities where the rogue firmware was administered remotely, however, it seems likely that physical access was required at this point.