The highly targeted attack reveals a new level of sophistication in threats against UEFI firmware. The implant is believed to be the work of APT41, a sophisticated Chinese-speaking hacking group also known as Winnti or Double Dragon. Because it resides in SPI flash, which is located on the motherboard rather than on the hard disk, the implant can persist on the system across disk formatting or replacement.
According to Kaspersky researchers, “We can now say that UEFI threats are gradually becoming a norm.”