Kaspersky Labs discovered a malware framework they dubbed MosaicRegressor, which was used in a series of targeted cyberattacks directed against diplomats and members of an NGO from Africa, Asia, and Europe.
The attack involves compromised UEFI firmware that contains a malicious implant, making it the second known public case (LoJax was the first) of a UEFI rootkit being used in the wild. This UEFI rootkit is a custom version of Hacking Team’s VectorEDK, which likely allowed the MosaicRegressor developers to spend far less time building it and to greatly reduce their risk of exposure.