About two weeks ago, Costin Raiu wrote an article titled “Where are all the ‘A’s in APT?”. In it, Costin discussed what is regarded as sophisticated in observed APT attacks, and what future sophisticated attacks are likely to look like:
- “Virtualization / hypervisor malware – we haven’t seen any in-the-wild attacks leveraging this.
- SMM malware – this is something yet to be seen in real-world attacks.
- UEFI malware – the hacking of HackingTeam revealed that a UEFI persistence module has been available since at least 2014, but we have yet to observe real-world UEFI malware.
- Hardware implants – although Joseph FitzPatrick and others have covered this subject in great detail, the number of real-world cases where hardware implants have been found is extremely low.
- Malware abusing or hiding in secure enclaves (SGX).
- Malware for Intel ME.”
Two weeks later, the first UEFI malware has been found in the wild by ESET, while Bloomberg has reported the big story on hardware implants.
References:
- “Where are all the ‘A’s in APT?” – https://lnkd.in/eQgv8TM
- The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies – https://lnkd.in/eUqweWi
- LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group – https://lnkd.in/ekRm5cA