Experts Uncover New 'CosmicStrand' UEFI Firmware Rootkit Used by Chinese Hackers
Jul 25, 2022
An unknown Chinese-speaking threat actor has been attributed to a new kind of sophisticated Unified Extensible Firmware Interface ( UEFI ) firmware rootkit called CosmicStrand . "The rootkit is located in the firmware images of Gigabyte or ASUS motherboards, and we noticed that all these images are related to designs using the H81 chipset," Kaspersky researchers said in a new report published today. "This suggests that a common vulnerability may exist that allowed the attackers to inject their rootkit into the firmware's image." Victims identified are said to be private individuals located in China, Vietnam, Iran, and Russia, with no discernible ties to any organization or industry vertical. Rootkits, which are malware implants that are capable of embedding themselves in the deepest layers of the operating system, have morphed from a rarity to an increasingly common occurrence in the threat landscape, equipping threat actors with stealth and persistence f...