RiSec.n0tst3 3 March 2022
Threat hunters at Kaspersky have spotted a well-known Chinese APT actor using a UEFI implant to maintain stealthy persistence across reboots, disk formatting, or disk replacement. The discovery is another confirmation that apex threat actors are already deploying hard-to-detect malware below the operating system, and the connection to a Chinese APT actor is an ominous sign that firmware implantation may already be widespread. A detailed technical analysis (download PDF) from Kaspersky’s global research team documents the ‘MoonBounce’ UEFI firmware implant and its connection to APT41 (also known as Winnti), a...