First UEFI rootkit spotted in the wild!

"THE FANCY BEAR hacking group has plenty of tools at its disposal, as evidenced by its attacks against the Democratic National Committee, the Pyeongchang Olympics, and plenty more. But cybersecurity firm ESET appears to have caught the elite Russian team using a technique so advanced, it hadn’t ever been seen in the wild until now.

ESET found what’s known as a UEFI rootkit, which is a way to gain persistent access to a computer that’s hard to detect and even harder to clean up, on an unidentified victim’s machine. The technique isn’t unheard of; researchers have explored proofs of concept in the past, and leaked files have indicated that both the CIA and the independent exploit-focused company Hacking Team have had the capability. But evidence that it has happened, in the form of malware called LoJax, represents a significant escalation in the Fancy Bear—which ESET calls Sednit—toolkit."

Rest here: wired.com/story/fancy-bear-hackers-uefi-rootkit/

>2k18
>not coding your own legacy bootloader for MBR and flashing it in your motherboards ROM
lmao'ing @ your life

wait, how the fuck can you put a rootkit in a UEFI? Isn't it stored in read-only memory?

BIOS viruses existed, so why would it be any different for UEFI? Was it supposed to be that much more secure?

why are slavs so based

>firmware not written in ROM
It's like you WANT to be hacked

Maybe I'm a brainlet, but how come this is such a new thing? Rootkits have been a thing for ages, and UEFI has a much bigger attack area than BIOS.

yeah but does it let me flash an older bios on asus boards
the chinks actually prevent you from flashing old shit

nothing is ever ROM

>what are punch cards

They're one-way writable

Oh no, russian hackers are going to infiltrate my home and puncture my punchcards

ROM means unable to be changed in any way from within the operating system, you retards. Of course you can change ROM one way or another with enough patience and dedication, but NOT from within the OS that's currently running on your machine.

My OS and machine can't even read punchcards you retard, so by that definition it's not even memory since it can carry no readable information.

A machine meant to use punchcards, on the other hand, isn't unlikely to have a puncher as well. Much like machines that are made to work with optical media not infrequently also had disc burning capabilities.

they're WORM, write-once-read-many
like CD-R or printed paper

CIA version must come installed by default in US PC market while the Gopnik one in the Mother Russia.

Nothing abnormal. Install Gentoo!

>still blaming the Russians for the DNC hack
jesus christ

You can write more than once though (but only one way like I said)

lol no, UEFI is horribly insecure on purpose(?)

Any r34 of that qt in the logo?

>(?)
>being unsure in this day and age when x86 CPUs have a hidden RISC core that completely ignores the ring protection system and stands above all the other rings

how would one detect such a core?

if (env.RISC_CORE) { console.log("has RISC_CORE"); }

I mean not using a specialized command line, as these don't always exist, and won't exist if they really want something hidden

let result;
for (let i = 0; i < 255; i++) {
result = asm {
pop
}
}

youtube.com/watch?v=_eSAF_qT_FY

holy shit, based