Researchers have uncovered what appears to be the first case of a UEFI rootkit in the wild, changing the concept of active UEFI exploit from a conference topic to reality.
The UEFI rootkit was found bundled together with a toolset able to patch a victim's system firmware in order to install malware at this deep level, ESET researchers said on Thursday.
In at least one recorded case, the threat actors behind the malware were able to write a malicious UEFI module into a system's SPI flash memory -- leading to the drop and execution of malicious code on disk during the boot process.
Not only do such methods circumvent operating system reinstall, but also hard disk replacement. The only way to remove such malware -- assuming victims know they have been compromised in the first place -- is to flash the firmware, a process not often conducted by typical users.
According to ESET, the rootkit installation observed is the first case of a UEFI rootkit recorded as active in the wild.
The rootkit is being used by advanced persistent threat (APT) group Fancy Bear, also known as Sednit, APT28, STRONTIUM, and Sofacy.
The APT has been in operation since at least 2004. Allegedly directed by the Russian government, the hacking group has been connected to attacks against the US Democratic National Committee (DNC) ahead of the US elections, the World Anti-Doping Agency (WADA), the Association of Athletics Federations (IAAF), the German government, and the Ukrainian military, among others.
In research presented on Thursday at the 2018 Microsoft BlueHat conference, ESET researchers said the APT, which has used a variety of sophisticated malware and intrusion tools in the past, is also using the LoJax malware to target government organizations in Europe.
In May, research conducted and published by NETSCOUT Arbor Networks suggested the APT was utilizing Absolute Software's LoJack, a legitimate laptop recovery solution, for nefarious means.
Samples of the LoJack software were tampered with to ensure hardcoded configuration settings, small agent rpcnetp.exe, would communicate with a command-and-control (C2) server controlled by Fancy Bear, rather than the legitimate Absolute Software server.
When used for legitimate purposes, the software calls back to a server in order to alert a device's owner to loss or theft. The owner is then able to lock the system and delete files remotely.
"LoJack makes an excellent double-agent due to appearing as legit software while natively allowing remote code execution," Arbor said.
The modified version has been named LoJax to separate it from Absolute Software's legitimate solution but is still implemented in the same way -- as a UEFI/BIOS module, in order to resist operating system wipes or hard drive replacement.
Expanding upon this work, ESET said the malicious UEFI module is now being bundled into exploit kits which are able to access and patch UEFI/BIOS settings.
These tools use a kernel driver, RwDrv.sys, which is bundled with the RWEverything utility to read information on a PC's settings, such as PCI memory or ROMs.
"As this kernel driver belongs to legitimate software, it is signed with a valid code-signing certificate," the researchers note.
Alongside the malware, three other tools were found in Fancy Bear's refreshed kit. One is a tool that dumps information relating to PC settings into a text file; another's purpose is to save an image of the system firmware by reading the contents of the SPI flash memory where the UEFI/BIOS is located; and the last tool adds the malicious UEFI module to the firmware image in order to write it back to the SPI flash memory.
According to the researchers, this "effectively installs the UEFI rootkit on the system."
This particular tool will either patch the existing firmware to permit rootkit installation directly if the platform permits writing operations to the SPI flash memory, or if protections are in place, will attempt to use a known vulnerability to complete its task.
However, it is worth noting that the exploited vulnerability only affects older chipsets that do not contain the Platform Controller Hub, which was introduced with Intel Series 5 chipsets back in 2008.
The use of a UEFI rootkit is enough in itself for businesses to take notice. However, as the rootkit is not properly signed, target systems which have the Windows Secure Boot function enabled will only permit signed firmware to load, and so, exploit is avoided.
"We strongly suggest that you enable it," ESET says. "This is the base defense against attacks targeting UEFI firmware and can be enabled at boot time through your system's UEFI settings. Updating system firmware should not be something trivial for a malicious actor to achieve."
A number of the LoJax small agent C2 servers have previously been linked to SedUploader, a backdoor that is often used by Fancy Bear operators in the first stages of compromise. The LoJax campaign's use of XAgent, the APT's "flagship" backdoor, and Xtunnel, a network proxy tool, further cement the belief that the new campaign is attributable to the Fancy Bear hacking group.
The researchers say that the use of a UEFI rootkit has increased the severity of the hacking group and is in "a league of its own."
"The LoJax campaign shows that high-value targets are prime candidates for the deployment of rare, even unique threats and such targets should always be on the lookout for signs of compromise," ESET added.