CyberNews Briefs

China-Linked Hackers Used UEFI Malware in North Korea-Themed Attacks

Kaspersky researchers released new information regarding a Chinese threat actor and their use of UEFI malware in attacks targeting organizations with a relationship to North Korea. On Monday, Kaspersky announced that they had analyzed the malware and malicious activity after discovering suspicious UEFI firmware images. The investigation revealed components based on source code leaked in 2015 by a cybercriminal who was able to breach the systems of an Italian surveillance solutions organization.

Although Kaspersky has not figured out how the threat actors were able to rewrite the firmware, it is possible that the deployment involved physical access to the targeted device via a USB key. Kaspersky stated that it is important not to rule out other possibilities where the rogue firmware was administered remotely; however, it seems likely that physical access was required at this point.

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.