The research team based in Montreal, discovered a cyberattack that used a UEFI rootkit to establish a presence on the victims’ computers, the first-ever in-the-wild. Dubbed LoJax by ESET, this rootkit was part of a campaign run by the infamous Sednit group against several high-profile targets in Central and Eastern Europe.
“Although, in theory we were aware that UEFI rootkits existed, our discovery confirms they are used by an active APT group. So, they are no longer just an attractive topic at conferences, but a real threat,” comments Jean-Ian Boutin, ESET senior security researcher who led the research into LoJax and Sednit’s campaign.
UEFI rootkits are extremely dangerous formidable tools for the launch of cyberattacks. They serve as a key to the whole computer, are hard to detect and can survive cybersecurity measures such as reinstallation of the operating system or even a hard disk replacement.
The discovery of the UEFI rootkit serves as a wake-up call for users and their organizations who often ignore the risks connected with firmware modifications.
ESET’s analysis of the Sednit campaign that uses the first-ever in-the-wild UEFI rootkit is described in the detail in the “LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group” white paper.