Russian hackers appear to be increasing the intensity of some of their cyber attacks. Some of their newest cyber weapons indicate that they have found ways to target specific servers more efficiently.
ESET is a security software company that specializes in anti-virus and firewall products. Its researchers have discovered what they believe to be the first known UEFI rootkit used in a cyberattack: the attackers were “successful at once in writing a malicious UEFI module into a system’s SPI flash memory.” This new malware is a massive threat, especially for those who have been “in the crosshairs of Sednit”.
“This APT group, also known as APT28, STRONTIUM, Sofacy and Fancy Bear, may be even more dangerous than previously thought.”
This is not the first occasion on which this APT group has drawn attention. It is the same Russian APT group, embedded in Russia’s GRU intelligence agency, that hacked the email server at the Democratic National Convention (DNC) in 2016. The group also managed to hack the servers of the French global television network TV5Monde back in 2015.
It is also believed that the group could be behind the World Anti-Doping Agency email leak, as well as other cyber attacks across Central and Eastern Europe. During the summer, Robert Mueller indicted twelve Russian nationals for their involvement in the DNC email cyber attack.
The newly found rootkit has been named LoJax because it borrows much of its design from LoJack, the Absolute Software product that offers services for locating stolen laptops and erasing the hard drives of missing computers. As a result, this rootkit is only effective against PCs.
The effects of this new software are already apparent, with LoJax being used in attacks “in a few government organizations in the Balkans as well as Central Europe”.