ESET Whitepaper - LoJax

First UEFI rootkit found in the wild, courtesy of the Sednit group

The Sednit group has been operating since at least 2004, and has made headlines frequently in the past years: it is believed to be behind major, high profile attacks.

For instance, several security companies as well as the US Department of Justice named the group as being responsible for the Democratic National Committee (DNC) hack just before the US 2016 elections.

The group is also presumed to be behind the hacking of global television network TV5Monde, the World Anti-Doping Agency (WADA) email leak and many others.

Its targets are many and the group has a diversified set of malware in its toolbox several of which we have documented previously, but this white paper details the first time this group is known to have used a UEFI rootkit.

This white paper is divided into three sections. The first will deal with previous security research on LoJack/ Computrace and how it could be used maliciously. The second section will examine the breadcrumbs found along our research route that ultimately led us to the UEFI rootkit. Finally, the third section will detail the different LoJax components and how they persist on a system even after a Windows re-install or a hard drive replacement.

To read the whitepaper, يرجى إدخال التفاصيل الخاصة بك في النموذج.

Request Your Newsletter