<link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3448621598664628523&zx=c543f28e-b3a5-4767-8955-67d1089489d4' media='none' onload='if(media!='all')media='all'' rel='stylesheet'/><noscript><link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3448621598664628523&zx=c543f28e-b3a5-4767-8955-67d1089489d4' rel='stylesheet'/></noscript>
<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>
<meta name='google-adsense-platform-domain' content='blogspot.com'/>

<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1618281995222563&host=ca-host-pub-1556223355139109" crossorigin="anonymous"></script>

<!-- data-ad-client=ca-pub-1618281995222563 -->

<link rel="stylesheet" href="https://fonts.googleapis.com/css2?display=swap&family=Playfair+Display&family=Indie+Flower&family=Open+Sans&family=Poppins"></head><body>

LoJax: First UEFI Rootkit Detected in Cyber Attack

ESET Revealed first UEFI Rootkit in a Wild

Admin

September 28, 2018

A security researcher from ESET has discovered the first Unified Extensible Firmware Interface (UEFI) rootkit which was in wild and dubbed as "LoJax". An interesting thing is that this malware was first used by the Advanced Persistent Threat (APT) Group Sednit, which are also known as APT28, STRONTIUM, Sofacy, and Fancy Bear.
This elite hackers group mainly use this malware to target Central and Eastern Europe zone and other government organization also.

The researcher noted that this UEFI rootkit bundled with tools that can patch a victim's system firmware so that the malware is installed deep in the system targeted by LoJax. ESET claimed that the rootkit was successfully used once in writing a malicious UEFI module into a system’s SPI flash memory, with the module capable of executing malware on disk during the boot process.

Sednit has been used in several high-profile cyber attacks across the globe. Moreover, on Democratic National Committee (DNC) hack Sednit was used. It was pointed out that the hackers group was sponsored by the Russian government. Recently, Microsoft has also seized several Russian-operated websites spoofing U.S. conservative group.

Eset expert says the UEFI rootkit is not properly signed, which means any form of attack using that malware can be circumvented through the Secure Boot mechanism. So it is recommended to enable Secure Boot so that each component loaded by the firmware must be signed properly.

Read Also

Share:

You may like these posts Show all

Post a Comment

<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/517362887-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY7V1741LAvvi8ckTHSPJBJRcQGfEg:1713611731214';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d3448621598664628523','//www.cyberkendra.com/2018/09/lojax-first-uefi-rootkit-detected-in.html','3448621598664628523');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '3448621598664628523', 'title': 'Cyber Kendra', 'url': 'https://www.cyberkendra.com/2018/09/lojax-first-uefi-rootkit-detected-in.html', 'canonicalUrl': 'https://www.cyberkendra.com/2018/09/lojax-first-uefi-rootkit-detected-in.html', 'homepageUrl': 'https://www.cyberkendra.com/', 'searchUrl': 'https://www.cyberkendra.com/search', 'canonicalHomepageUrl': 'https://www.cyberkendra.com/', 'blogspotFaviconUrl': 'https://www.cyberkendra.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': 'G-YN9DJXCC22', 'analytics4': true, 'encoding': 'UTF-8', 'locale': 'en', 'localeUnderscoreDelimited': 'en', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Cyber Kendra - Atom\x22 href\x3d\x22https://www.cyberkendra.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Cyber Kendra - RSS\x22 href\x3d\x22https://www.cyberkendra.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Cyber Kendra - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/3448621598664628523/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Cyber Kendra - Atom\x22 href\x3d\x22https://www.cyberkendra.com/feeds/3979232155441166238/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-1618281995222563', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': true, 'adsenseAutoAds': true, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/d86c8c5eadffdf93', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'Twitter', 'key': 'twitter', 'shareMessage': 'Share to Twitter', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': false, 'jumpLinkMessage': 'Read more', 'pageType': 'item', 'postId': '3979232155441166238', 'postImageThumbnailUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOUoKeBuqhFZMVcAFeWkgDPYnGMGkomJZTsbTOZlQGbplE0k8LZ63v6wCxOZzkQhC8O8i_QP1UFg62e4DD_kqjK8FpwUKz7-uusIm52yTLo9syeVwHhYlx6f59tddmiysW2t-sjC2YCV0/s72-c/DoHjTQYXoAAB0wo.jpg+large.jpg', 'postImageUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOUoKeBuqhFZMVcAFeWkgDPYnGMGkomJZTsbTOZlQGbplE0k8LZ63v6wCxOZzkQhC8O8i_QP1UFg62e4DD_kqjK8FpwUKz7-uusIm52yTLo9syeVwHhYlx6f59tddmiysW2t-sjC2YCV0/s1600/DoHjTQYXoAAB0wo.jpg+large.jpg', 'pageName': 'LoJax: First UEFI Rootkit Detected in Cyber Attack', 'pageTitle': 'Cyber Kendra: LoJax: First UEFI Rootkit Detected in Cyber Attack', 'metaDescription': 'ESET Revealed first UEFI Rootkit in a Wild'}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard!', 'ok': 'Ok', 'postLink': 'Post Link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'LoJax: First UEFI Rootkit Detected in Cyber Attack', 'description': 'ESET Revealed first UEFI Rootkit in a Wild', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOUoKeBuqhFZMVcAFeWkgDPYnGMGkomJZTsbTOZlQGbplE0k8LZ63v6wCxOZzkQhC8O8i_QP1UFg62e4DD_kqjK8FpwUKz7-uusIm52yTLo9syeVwHhYlx6f59tddmiysW2t-sjC2YCV0/s1600/DoHjTQYXoAAB0wo.jpg+large.jpg', 'url': 'https://www.cyberkendra.com/2018/09/lojax-first-uefi-rootkit-detected-in.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 3979232155441166238}}, {'name': 'widgets', 'data': [{'title': 'Template Code (Do not disable)', 'type': 'HTML', 'sectionId': 'settings', 'id': 'HTML6'}, {'title': 'Cyber Kendra (Header)', 'type': 'Header', 'sectionId': 'header', 'id': 'Header1'}, {'title': 'Social Media Link', 'type': 'LinkList', 'sectionId': 'section', 'id': 'LinkList1'}, {'title': '', 'type': 'HTML', 'sectionId': 'header_bottom_widget', 'id': 'HTML3'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'main', 'id': 'Blog1', 'posts': [{'id': '3979232155441166238', 'title': 'LoJax: First UEFI Rootkit Detected in Cyber Attack', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOUoKeBuqhFZMVcAFeWkgDPYnGMGkomJZTsbTOZlQGbplE0k8LZ63v6wCxOZzkQhC8O8i_QP1UFg62e4DD_kqjK8FpwUKz7-uusIm52yTLo9syeVwHhYlx6f59tddmiysW2t-sjC2YCV0/s1600/DoHjTQYXoAAB0wo.jpg+large.jpg', 'showInlineAds': false}], 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': 'On'}, {'name': 'comments', 'label': 'Post a Comment'}, {'name': 'share', 'label': ''}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': ''}]}], 'allBylineItems': [{'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': 'On'}, {'name': 'comments', 'label': 'Post a Comment'}, {'name': 'share', 'label': ''}, {'name': 'labels', 'label': ''}]}, {'title': 'Advertisement', 'type': 'HTML', 'sectionId': 'top_ads', 'id': 'HTML90'}, {'title': 'Advertisement', 'type': 'HTML', 'sectionId': 'middle_ads_2', 'id': 'HTML93'}, {'title': 'Advertisement', 'type': 'HTML', 'sectionId': 'matched_content_ads', 'id': 'HTML7'}, {'title': 'Trending!', 'type': 'PopularPosts', 'sectionId': 'sidebar', 'id': 'PopularPosts1', 'posts': [{'title': ' Pirate Bay Proxy List 2024: Unblock The Pirate bay33 [April Updated]', 'id': 7709902560608743927}, {'title': 'ExtraTorrents Proxy List 2024 To Unblock Extratorrent', 'id': 7687163451941064055}, {'title': '1337x Proxy List 2024: Your Guide to Safe and Legal Torrenting', 'id': 1078991593587710032}, {'title': 'Download ExaGear APK + obb - Windows Emulator for Android', 'id': 3731719425182612328}, {'title': 'Convert SQL Server to MySQL - Important Things to Consider', 'id': 1772728232949461230}, {'title': 'The Dos And Don\u2019ts Of Building Effective External Links', 'id': 2066265753436086049}]}, {'title': 'Table of Contents', 'type': 'HTML', 'sectionId': 'toc_auto', 'id': 'HTML8'}, {'title': 'Follow Us', 'type': 'LinkList', 'sectionId': 'footer_widgets', 'id': 'LinkList10'}]}]);
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML6', 'settings', document.getElementById('HTML6'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'header', document.getElementById('Header1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList1', 'section', document.getElementById('LinkList1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML3', 'header_bottom_widget', document.getElementById('HTML3'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'main', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML90', 'top_ads', document.getElementById('HTML90'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML93', 'middle_ads_2', document.getElementById('HTML93'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML7', 'matched_content_ads', document.getElementById('HTML7'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts1', 'sidebar', document.getElementById('PopularPosts1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML8', 'toc_auto', document.getElementById('HTML8'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList10', 'footer_widgets', document.getElementById('LinkList10'), {}, 'displayModeFull'));
</script>
</body>