CosmicStrand: The Discovery of a Sophisticated UEFI Firmware Rootkit
Reference Article
CosmicStrand appears to be the work of an unknown Chinese-speaking threat actor.
The highly targeted attack reveals a new level of sophistication in attacks against UEFI firmware.
ESET discovered a UEFI bootkit they call “ESPecter” which is so named because it targets the EFI System Partition (ESP).
FinSpy (also called FinFisher) is an infamous German surveillance tool, available since 2011, that allows operators to intercept communications, capture keystrokes, access files, and even activate cameras and microphones on compromised devices.
A buffer overflow vulnerability has been identified in the Dell BIOSConnect feature, which allows users to update their BIOS firmware from the cloud.
Alert (AA20-352A) – US-CERT – CISA
In December 2020, cybersecurity researchers at FireEye discovered and reported a supply chain attack on SolarWinds software.
Copyright © 2025. FirmGuard