New 'MosaicRegressor' UEFI Bootkit Malware Found Active in the Wild
October 06, 2020Ravie Lakshmanan
Cybersecurity researchers have spotted a rare kind of potentially dangerous malware that targets a machine's booting process to drop persistent malware. The campaign involved the use of a compromised UEFI (or Unified Extensible Firmware Interface) containing a malicious implant, making it the second known public case where a UEFI rootkit has been used in the wild. According to Kaspersky , the rogue UEFI firmware images were modified to incorporate several malicious modules, which were then used to drop malware on victim machines in a series of targeted cyberattacks directed against diplomats and members of an NGO from Africa, Asia, and Europe. Calling the malware framework " MosaicRegressor ," Kaspersky researchers Mark Lechtik, Igor Kuznetsov, and Yury Parshin said a telemetry analysis revealed several dozen victims between 2017 and 2019, all of whom had some ties to North Korea. UEFI is a firmware interface and a replacement for BIOS that improves security, e