Russian hackers are taking their cyber warfare to the next level

2025-04-28 05:52:05admin

Russian hackers are upping the ante of their cyberattacks.

The next level of cyber warfare may not be here thanks to the latest weapon being utilized by Russian hackers.

SEE ALSO: Cryptocurrency exchange claimed it was 'practically impossible' to hack. It was hacked.

Researchers with the cybersecurity company ESET have discovered what is believed to be the first known UEFI rootkit malware used in a cyber attack. In a blog post, ESET explains:

“The discovery of the first in-the-wild UEFI rootkit is notable for two reasons. First, it shows that UEFI rootkits are a real threat, and not merely an attractive conference topic. And second, it serves as a heads-up, especially to all those who might be in the crosshairs of Sednit. This APT group, also known as APT28, STRONTIUM, Sofacy and Fancy Bear, may be even more dangerous than previously thought.”

If the name “Fancy Bear” sounds familiar, it’s because they’re the hacking group embedded in Russia’s GRU intelligence agency that has been found responsible for the 2016 DNC emails hack and various misinformation campaigns surrounding the US elections. Earlier this summer, special counsel Robert Mueller indicted a number of Russian nationals with the Fancy Bear hacking group for their role in these attacks.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

Previously these Russian hackers had deployed various methods ranging from social engineering to spear-phishing emails as the means of their attacks. This discovery of sophisticated rootkit malware being deployed takes this all to a whole new level.

This instance of malware has been dubbed LoJax as it copies portions of LoJack’s Absolute LoJack software, which is intended to find stolen laptops and remotely wipe the hard drive of a missing computer. Because of this, this rootkit malware only affects PCs.

The main issue with rootkit malware is that it embeds itself into a computer’s firmware and can’t be easily removed. Reinstalling the operating system or replacing the hard drive of the computer will not cut off the hackers’ access to the device. In fact, according to ESET, the main two options of recourse once infected is to manually reflash a computer’s memory with new firmware, which is a fairly difficult, technical process, or to just completely replace the computer’s motherboard. Basically, if a computer is compromised by LoJax, your best option is probably to toss that computer in the trash.

According to ESET, different components of the LoJax malware has already been discovered in attacks deployed against “a few government organizations in the Balkans as well as in Central and Eastern Europe. ESET’s investigation concluded that the hackers were ”successful at least once in writing a malicious UEFI module into a system’s SPI flash memory.”

This discovery should serve as a warning that the hacking threat is only escalating as malicious actors look to fool-proof future methods of attack.

Featured Video For You

This cute robot is every hacker's ultimate nemesis