Chinese APT deploys MoonBounce implant in UEFI firmware


Security researchers have unveiled MoonBounce, a custom UEFI firmware implant used in targeted attacks.

The implant is believed to be the work of APT41, a Chinese-speaking sophisticated hacking group also known as Winnti or Double Dragon. 

On January 20, Kaspersky researchers said that at the end of last year, the team uncovered a case of Unified Extensible Firmware Interface (UEFI) compromise caused by the modification of one component in the firmware – a core element called SPI flash, located on the motherboard.

Read more…