12 October,2020 10:09 AM IST | New Delhi | IANS
This image has been used for representational purposes only
A rare spy malware has hit diplomats and members of NGOs from Asia, Africa and Europe in a series of targeted cyber attacks, including spear-phishing documents in Russian language while some were related to North Korea and used as a lure to download malware.
Based on the affiliation of the discovered victims, the researchers at cyber security firm Kaspersky were able to determine that the malware campaign known as "MosaicRegressor" was used in a series of targeted attacks.
The campaign has so far not been linked "to any known advanced persistent threat (APT) actors".
The researchers uncovered the APT espionage campaign that uses a very rarely seen type of malware known as a firmware bootkit.
ALSO READ
Mid-Day Top News: Maharashtra assembly polls likely only after Diwali and more
Maharashtra assembly elections likely only after Diwali
Congress: Centre insensitive to statehood restoration demand, will be poll issue
Raut defends Uddhav's push for decision on CM's face from MVA allies
Long queues at voting centres as first ever hawkers polls in city begin
The UEFI bootkit used with the malware is a custom version of Hacking Team's bootkit leaked in 2015.
"Although UEFI attacks present wide opportunities to the threat actors, MosaicRegressor is the first publicly known case where a threat actor used a custom made, malicious UEFI firmware in the wild," said Mark Lechtik, senior security researcher at Global Research and Analysis Team (GReAT) at Kaspersky.
"This attack demonstrates that, albeit rarely, in exceptional cases actors are willing to go to great lengths in order to gain the highest level of persistence on a victim's machine".
UEFI firmware is an essential part of a computer, which starts running before the operating system and all the programs installed in it.
If UEFI firmware is somehow modified to contain malicious code, that code will be launched before the operating system, making its activity potentially invisible to security solutions.
Kaspersky researchers found a sample of such malware used in a campaign that deployed variants of a complex, multi-stage modular framework dubbed as MosaicRegressor.
"The framework was used for espionage and data gathering with UEFI malware being one of the persistence methods for this new, previously unknown malware," the researchers explained.
The malware initially installed on the infected device is a Trojan-downloader, a programme capable of downloading additional payload and other malware.
"Depending on the payload downloaded, the malware could download or upload arbitrary files from/to arbitrary URLs and gather information from the targeted machine", the findings showed.
"The use of leaked third-party source code and its customization into a new advanced malware once again raises yet another reminder of the importance of data security," said Igor Kuznetsov, principal security researcher at Kaspersky's GReAT.
"Once software -- be it a bootkit, malware or something else -- is leaked, threat actors gain a significant advantage," he added.
Catch up on all the latest Crime, National, International and Hatke news here. Also download the new mid-day Android and iOS apps to get latest updates.
Mid-Day is now on Telegram. Click here to join our channel (@middayinfomedialtd) and stay updated with the latest news
This story has been sourced from a third party syndicated feed, agencies. Mid-day accepts no responsibility or liability for its dependability, trustworthiness, reliability and data of the text. Mid-day management/mid-day.com reserves the sole right to alter, delete or remove (without notice) the content in its absolute discretion for any reason whatsoever