Sophisticated UEFI rootkit of Chinese origin shows up again in the wild after 3 years

Published by CSO

By Lucian Constantin

A sophisticated rootkit that’s able to insert itself into the lowest levels of Windows computers — the motherboard firmware — has been making victims since 2020 after disappearing from the radar for around three years. The rootkit, dubbed CosmicStrand by researchers from Kaspersky Lab, is stealthy and highly persistent since its code is stored deep in the UEFI, outside the detection scope of most security programs. The Unified Extensible Firmware Interface (UEFI) is the modern equivalent to the BIOS. It’s the firmware that contains the necessary drivers to initialize and…
