Communications of the ACM

Home/News/Experts Uncover 'CosmicStrand' UEFI Firmware Rootkit.../Full Text

ACM TechNews

Experts Uncover 'CosmicStrand' UEFI Firmware Rootkit Used by Chinese Hackers

By The Hacker News
July 27, 2022
Comments

View as: Print Mobile App Share:

Computer code on a green and black DOS-type screen — Kaspersky's attribution to a Chinese-speaking threat actor stems from code overlaps between CosmicStrand and other malware.

A new Unified Extensible Firmware Interface (UEFI) firmware rootkit called CosmicStrand, which resides in firmware images of Gigabyte or ASUS motherboards, has been attributed to to unknown Chinese-speaking hackers, according to researchers at the Kaspersky cybersecurity company. "We noticed that all these images are related to designs using the H81 chipset," said the researchers. "This suggests that a common vulnerability may exist that allowed the attackers to inject their rootkit into the firmware's image."

Attacks aim to interfere with the operating system loading process to implement a kernel-level implant into a Windows machine whenever it is booted. It uses this access to launch shellcode that connects to a remote server to retrieve the malware to be deployed on the system. Researchers noted CosmicStrand appears to have been used in the wild since the end of 2016, before UEFI rootkit exploits began to be publicly detailed.

From The Hacker News
View Full Article

No entries found

Experts Uncover 'CosmicStrand' UEFI Firmware Rootkit Used by Chinese Hackers

Smart Hat Senses When Traffic Lights Change

Data Bias Management

The Link Between Rituals and Data Science