Campbell, CA


CosmicStrand: The Discovery of a Sophisticated UEFI Firmware Rootkit

CosmicStrand appears to be the work of an unknown Chinese-speaking threat actor. It is a firmware rootkit: a malware implant that modifies the UEFI firmware image itself (as opposed to, for example, trying to modify the OS bootloader). It is extremely difficult to detect, and because the implant resides in the firmware image rather than on disk, a computer will remain in an infected state even if the operating system is reinstalled or the user replaces the machine’s hard drive entirely. The rootkit is located in the firmware images of Gigabyte or ASUS motherboards, specifically those that use the H81 chipset.
