Cyber security news for all


    New UEFI attack which is part of MosaicRegressor

    Security researchers have found a new UEFI attack. It is part of a hacking framework called MosaicRegressor, and the campaign has targeted victims with ties to North Korea over the last 3 years. The Unified Extensible Firmware Interface (UEFI) is the firmware that initialises a machine before the operating system loads; the attackers' implant lives in that firmware rather than on disk.

    The firmware implant was used in recent attacks. This is the second known case of UEFI malware being exploited in the wild. Components from the framework have been discovered in a series of targeted attacks against authorities whose activities showed links with North Korea. The attribution rests on code overlap in some components of the framework and on shared infrastructure used during the campaign. Security researchers believe Winnti is an umbrella label rather than a single group: several smaller criminal factions use its tooling and are identified with it. Last year, the backdoor used the Skip malware to hack Microsoft servers. That campaign relied on malware on the servers that allowed stored information to be accessed by supplying a password string.

    The malware is not embedded in the operating system but in a firmware module on the mainboard. It does not matter which operating system runs on top of it, and replacing the disk or reinstalling the system does not remove it either. Using a manipulated boot kit, the malware can gather data from the operating system, and once it sits in the mainboard firmware it can reinstall the components it needs at any time.

    As for the new UEFI malware, it appears to be a modified version of a boot kit whose code was leaked a few years ago and has been available online ever since. The boot kit is used to install MosaicRegressor as the second-stage payload. MosaicRegressor is capable of espionage and data gathering, and it includes additional downloaders through which further secondary components can be fetched and run.
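    Because the implant lives in a firmware module on the mainboard rather than on disk, the practical defensive check is to dump the flash and compare the firmware-volume contents against a known-good baseline from the same board and BIOS version. The following is an added example, not code from the original article or from Kaspersky: it builds a small constructed firmware volume in the UEFI PI specification layout (EFI_FIRMWARE_VOLUME_HEADER followed by EFI_FFS_FILE_HEADER entries), validates the header checksums, walks the files, and flags any module GUID that is not on an allow-list. The GUIDs, file bodies and the rogue driver are all constructed; a real check would run the same parser over a flash dump taken with a hardware programmer or the vendor's flash tool.

```python
"""Baseline check for UEFI firmware volumes.

Parses the EFI_FIRMWARE_VOLUME_HEADER / EFI_FFS_FILE_HEADER layout from the
UEFI PI specification and lists the file GUIDs found, so a dump can be
compared against a known-good allow-list.  All sample data below is
constructed for this example.
"""
import struct
import uuid

FV_SIGNATURE = b"_FVH"
# EFI_FIRMWARE_VOLUME_HEADER up to (not including) the BlockMap: 56 bytes
FV_HEADER = struct.Struct("<16s16sQ4sIHHHBB")
BLOCK_MAP_ENTRY = struct.Struct("<II")           # NumBlocks, Length; {0,0} terminates
FFS_HEADER = struct.Struct("<16sBBBB3sB")        # EFI_FFS_FILE_HEADER: 24 bytes
FFS_ALIGN = 8                                    # files start on 8-byte boundaries
FFS_FIXED_CHECKSUM = 0xAA                        # file checksum when FFS_ATTRIB_CHECKSUM is clear
EFI_FV_FILETYPE_DRIVER = 0x07
FFS2_GUID = uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3")  # EFI_FIRMWARE_FILE_SYSTEM2_GUID


def ffs_header_checksum(raw: bytes) -> int:
    """Return the header-checksum byte for a 24-byte FFS header.

    The PI spec requires the header bytes to sum to 0 mod 256 when the
    header-checksum (offset 16), file-checksum (17) and State (23) bytes
    are treated as zero, so whatever sits at those offsets is subtracted
    out before the complement is taken."""
    s = sum(raw) - raw[16] - raw[17] - raw[23]
    return (-s) & 0xFF


def build_ffs_file(guid: uuid.UUID, file_type: int, body: bytes) -> bytes:
    """Construct one FFS file (header + body) with a valid header checksum."""
    size = FFS_HEADER.size + len(body)
    hdr = bytearray(FFS_HEADER.pack(guid.bytes_le, 0, FFS_FIXED_CHECKSUM, file_type,
                                    0, size.to_bytes(3, "little"), 0))
    hdr[16] = ffs_header_checksum(bytes(hdr))
    hdr[23] = 0xF8  # State of a valid data file with erase polarity 1
    return bytes(hdr) + body


def build_firmware_volume(files: list, block_size: int = 0x1000) -> bytes:
    """Construct a volume: header, block map, 8-byte-aligned files, 0xFF free space."""
    body = b"".join(f + b"\xFF" * (-len(f) % FFS_ALIGN) for f in files)
    header_len = FV_HEADER.size + 2 * BLOCK_MAP_ENTRY.size
    used = header_len + len(body)
    fv_len = -(-used // block_size) * block_size          # round up to whole blocks
    hdr = bytearray(FV_HEADER.pack(b"\x00" * 16, FFS2_GUID.bytes_le, fv_len, FV_SIGNATURE,
                                   0x0004FEFF,  # constructed attributes; bit 11 = ERASE_POLARITY
                                   header_len, 0, 0, 0, 2))
    hdr += BLOCK_MAP_ENTRY.pack(fv_len // block_size, block_size) + BLOCK_MAP_ENTRY.pack(0, 0)
    # Header checksum: all 16-bit words of the header must sum to 0 mod 0x10000
    words = struct.unpack("<%dH" % (header_len // 2), bytes(hdr))
    hdr[50:52] = struct.pack("<H", (-sum(words)) & 0xFFFF)
    return bytes(hdr) + body + b"\xFF" * (fv_len - used)


def parse_firmware_volume(image: bytes) -> list:
    """Validate the FV header and walk the FFS files, returning GUID, type, offset and size."""
    (_zero, _fs_guid, fv_len, sig, _attrs, header_len,
     _cksum, _ext_off, _res, _rev) = FV_HEADER.unpack_from(image, 0)
    if sig != FV_SIGNATURE:
        raise ValueError("not a firmware volume: missing _FVH signature")
    words = struct.unpack_from("<%dH" % (header_len // 2), image, 0)
    if sum(words) & 0xFFFF:
        raise ValueError("firmware volume header checksum mismatch")
    entries = []
    off = header_len
    while off + FFS_HEADER.size <= fv_len:
        name, ck_hdr, _ck_file, ftype, _attr, size3, _state = FFS_HEADER.unpack_from(image, off)
        if name == b"\xFF" * 16:
            break  # erased flash: no further files in this volume
        if ffs_header_checksum(image[off:off + FFS_HEADER.size]) != ck_hdr:
            raise ValueError("FFS header checksum mismatch at offset 0x%x" % off)
        size = int.from_bytes(size3, "little")
        entries.append({"guid": uuid.UUID(bytes_le=name), "type": ftype, "offset": off, "size": size})
        off += size + (-size % FFS_ALIGN)
    return entries


def find_unexpected_modules(image: bytes, baseline: set) -> list:
    """GUIDs present in the volume that the known-good baseline does not list."""
    return [e["guid"] for e in parse_firmware_volume(image) if e["guid"] not in baseline]


# Constructed sample: two "known" drivers and one rogue driver a baseline would not contain
KNOWN_GOOD = {uuid.UUID("11111111-2222-4333-8444-555555555555"),
              uuid.UUID("aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee")}
ROGUE = uuid.UUID("deadbeef-0000-4000-8000-000000000001")


def build_sample_image(include_rogue: bool) -> bytes:
    files = [build_ffs_file(g, EFI_FV_FILETYPE_DRIVER, b"known driver body " + g.bytes[:4])
             for g in sorted(KNOWN_GOOD, key=str)]
    if include_rogue:
        files.append(build_ffs_file(ROGUE, EFI_FV_FILETYPE_DRIVER, b"unexpected DXE driver"))
    return build_firmware_volume(files)


if __name__ == "__main__":
    for rogue in (False, True):
        found = find_unexpected_modules(build_sample_image(rogue), KNOWN_GOOD)
        print("rogue module present" if rogue else "clean image", "->", [str(g) for g in found])
```

    The allow-list approach only works against a baseline captured from a trusted image of the same firmware build; a GUID-level diff catches an added or replaced module, while a module that was modified in place under its original GUID needs a hash comparison of each file body against the baseline as well.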

    MosaicRegressor

    Regarding the identity of the threat actor behind MosaicRegressor, Kaspersky said it found multiple code-level hints indicating the components were written by Chinese or Korean speakers, and noted the use of the Royal Road (8.t) RTF weaponizer, which has been tied to multiple Chinese threat groups in the past.
