ESET researchers have discovered a cyberattack that uses a Unified Extensible Firmware Interface (UEFI) rootkit to establish a presence on victims’ computers.
Dubbed LoJax by ESET, this rootkit was part of a campaign run by the infamous Sednit group against several high-profile targets in Central and Eastern Europe, and is the first-ever publicly known attack of this kind.
UEFI rootkits are extremely dangerous tools used to launch cyberattacks. They serve as a key to victims’ whole computers, are hard to detect, and are able to survive cybersecurity measures such as reinstallation of operating systems and hard disk replacements. Attempting to clean a system infected with a UEFI rootkit requires skills that most computer users don’t have.
The group has a diverse set of malware tools, some of which ESET researchers have documented in this whitepaper and in this blog post featured on WeLiveSecurity.