MoonBounce: Chinese Group Deploys MoonBounce Implant in UEFI Firmware
The highly targeted attack reveals a new level of sophistication in attacks against UEFI firmware.
The FirmGuard Blog
ESET discovered a UEFI bootkit they call “ESPecter,” which is so named because it targets the EFI System Partition (ESP).
A buffer overflow vulnerability has been identified in the Dell BIOSConnect feature, which allows users to update their BIOS firmware from the cloud.
Alert (AA20-352A) – US-CERT – CISA
In December 2020, cybersecurity researchers at FireEye discovered and reported a supply chain attack on SolarWinds software.
Trickboot is an extension of the infamous Trickbot (first identified in 2016) malware. Trickbot developers have created a new module that probes for UEFI vulnerabilities, because
Kaspersky Labs discovered a malware framework they dubbed MosaicRegressor which was used in a series of targeted cyberattacks directed against diplomats and members of an NGO from Africa, Asia, and Europe.
On September 27, 2018, security researchers from ESET publicly disclosed the discovery of a UEFI rootkit named “LoJax” that was “found in the wild.”
CVE-2018-8930, CVE-2018-8931, CVE-2018-8932, CVE-2018-8933, CVE-2018-8934, CVE-2018-8935, CVE-2018-8936
On March 13, 2018, security researchers from CTS Labs publicly disclosed vulnerabilities discovered in certain AMD silicon, named MASTERKEY, RYZENFALL, FALLOUT, and CHIMERA. Phoenix’s UEFI firmware is not vulnerable to these attacks.
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
A new class of security vulnerabilities, named Meltdown and Spectre, became public knowledge in early January 2018.
VectorEDK is a UEFI rootkit created by the controversial Italian company Hacking Team as part of a suite of tools that they sold to governments and law