Karlston Posted October 5, 2020

Custom-made UEFI bootkit found lurking in the wild

Attackers are going to great lengths to gain the highest level of persistence.

(Image: sasha85ru | Getty Images)

For only the second time in the annals of cybersecurity, researchers have found real-world malware lurking in the UEFI, the low-level and highly opaque firmware required to boot up nearly every modern computer.

As software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an operating system in its own right. It’s located in a SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch the code. And it’s the first thing to be run when a computer is turned on, allowing it to influence or even control the OS, security apps, and all other software that follows. Those characteristics make the UEFI the perfect place to stash malware, and that’s just what an unknown attack group has done, according to new research presented on Monday by security firm Kaspersky Lab.

Last year, after the Moscow-based company integrated a new firmware scanner in its antivirus products, researchers recovered a suspicious UEFI image from one of its users. After further research, Kaspersky Lab discovered that a separate user had been infected by the same UEFI image in 2018. Both infected users were diplomatic figures located in Asia.

The highest level of persistence

Analysis eventually showed that each time the firmware ran, it checked to see if a file titled IntelUpdate.exe was inside the Windows startup folder. If it wasn’t, the UEFI image would put it there. IntelUpdate.exe, it turned out, was a small but important cog in a large and modular framework built for espionage and data gathering. IntelUpdate.exe acted as the first link in a long chain. It reported to an attacker-controlled server to download another link, which, in turn, would download other links, all of which were customized to the profile of the person being infected.

The security company is presenting the findings at its Security Analyst Summit @Home conference. In a blog post accompanying the panel, authors Mark Lechtik and Igor Kuznetsov wrote:

The attacks described in this blog post demonstrate the length an actor can go in order to gain the highest level of persistence on a victim machine. It is highly uncommon to see compromised UEFI firmware in the wild, usually due to the low visibility into attacks on firmware, the advanced measures required to deploy it on a target’s SPI flash chip, and the high stakes of burning sensitive toolset or assets when doing so. With this in mind, we see that UEFI continues to be a point of interest to APT actors, while at large being overlooked by security vendors. The combination of our technology and understanding of the current and past campaigns leveraging infected firmware, helps us monitor and report on future attacks against such targets.

Theory becomes reality

If a rootkit is a malware that burrows so deep that it can’t be detected by the operating system, a “bootkit”—at least the UEFI variety of one—is roughly analogous, except it works at the firmware level during bootup. Given its perch—in a chip that’s largely out of view and with the ability to write, delete or modify whatever it wants prior to bootup—security practitioners have long theorized that UEFI bootkits existed. But there were a few hurdles to their real-world implementation, since some of the same things that make the UEFI desirable to attackers also make it hard for them to abuse.

In 2014, Kaspersky Lab found what turned out to be a prescient way an attacker might meet the challenge—by abusing an antitheft device known at the time as Absolute Computrace. Later renamed LoJack, it had a module that embedded itself inside the UEFI. To keep tabs on a computer, the module maintained a persistent connection to an Absolute Computrace command-and-control server. In the event that a computer was lost or stolen, the software could download a remediation module that would allow the server to remotely control the PC. From there, the rightful owner could determine the PC’s IP address, approximate location, and other details. The owner could also elect to wipe the hard drive or perform other remote actions. Because the module ran inside the UEFI, all of this worked even if the PC had had its hard drive replaced or OS reinstalled.

Kaspersky Lab’s analysis of the antitheft device found that the software, including the UEFI module, came preinstalled on many consumer and business laptops, in many cases with no conspicuous notification. More worrying still, Absolute Computrace provided no means for the control server to authenticate itself to a laptop. The result: in the event the software could be forced to visit the wrong server, a hacker halfway around the world could take control of the computer connecting to it.

“We think having anti-theft technology is a good idea, but only if everything works the way it is supposed to,” the 2014 post concluded. “When something goes wrong, a technology that has been developed to protect might be used as a weapon to attack. We have no proof of Absolute Computrace being used as a platform for attacks, but we see the potential for this and some alarming and inexplicable facts make this increasingly likely.”

Four years later, Slovakia-based ESET discovered that one of the world’s most advanced and notorious hacker groups was doing just that. A software tool ESET recovered was able to repurpose the Absolute Computrace firmware by extracting it and then patching and overwriting it with malicious code. The patched firmware caused computers to report to servers belonging to Fancy Bear, the same Russian state hacking group that hacked the Democratic National Committee in 2016. The discovery represented the first known time real-world attackers had used a UEFI bootkit in the wild. ESET dubbed the malware LoJax, a play on the LoJack name. Eight months after the discovery, researchers with security firm Netscout found that LoJax was still operational.

Remember Hacking Team?

Now, Kaspersky Lab has seized on the second known time a UEFI bootkit has been actively used, but that’s not the only noteworthy finding. Reengineering showed that the original UEFI image, from firmware maker AMI, had been patched to add malware that was based on a malicious UEFI bootkit made by, and later stolen from, Hacking Team, the Italy-based exploit and implant seller that was spectacularly hacked in 2015. Three of the four added modules were lifted directly from the stolen source code of the UEFI bootkit, which Hacking Team sold to governments—some from countries with poor human rights records such as Egypt, Saudi Arabia, and Russia. A fourth module—which served as the main bootkit component—was based on the one from Hacking Team but had been almost completely rewritten from scratch.

(Image: Rogue components found within the compromised UEFI firmware. Kaspersky Lab)

Kaspersky Lab still doesn’t know how the bootkits came to be installed on the victim machines. One possibility is that the PCs received a fake UEFI update from a remote source, but there are no signs of that happening in the Kaspersky AV logs. That leaves company researchers to speculate that the attackers who installed the malicious firmware had physical access. This Hacking Team tutorial provides step-by-step instructions for using a USB drive to install the UEFI bootkit, which Hacking Team internally named VectorEDK, according to the leaked source code. With the USB key and a few minutes alone with a targeted computer, an attacker could start it up, configure it to boot from the USB key, and allow it to work its magic. As the tutorial images below show, this USB key provides an easy interface.

(Images: Hacking Team tutorial screenshots)

Kaspersky Lab researchers can’t be sure their theory is correct, but it’s certainly plausible. The USB key only works against a subset of UEFIs that aren’t protected against such attacks. The Hacking Team documentation said this “persistent installation” method had been tested on ASUS X550C laptops. Those laptops use UEFI code from AMI, the same supplier of the firmware that had been hacked.

Enter MosaicRegressor

As noted earlier, the ultimate goal of the bootkit was to allow the installation of a sprawling malware framework. Kaspersky Lab has dubbed it “MosaicRegressor.” As company researchers dug further into the many modules comprising the framework, they found that several dozen of its AV users had also received (non-UEFI-related) pieces of the framework. Consistent with the two users infected with the UEFI image, the newly discovered victims were all either diplomatic entities or members of a non-governmental organization. They were located in Africa, Asia, and Europe and all had ties in their activity to North Korea.

Kaspersky Lab researchers also uncovered evidence that the bootkit was only one way it got installed. Files included in one of the MosaicRegressor archives showed two documents that were likely used in spear phishing attacks. Two examples of malicious archives delivering MosaicRegressor showed documents that were likely used in spear phishing attacks. Both lure documents—one written in Russian and the other in English—discussed matters involving North Korea.

(Image: Examples of lure documents bundled to malicious SFX archives sent to MosaicRegressor victims, discussing DPRK related topics. Kaspersky Lab)

The researchers found other data that’s potentially useful in piecing together who was behind the attacks. Strings used for generating log messages within the malware included characters that were either from the Chinese or Korean languages. One of the languages the attacker’s computer had installed appeared to be Chinese. Kaspersky takes the evidence to mean that the attackers are Chinese-speaking. According to researchers at security firm ProtectWise, one of the command servers MosaicRegressor connected to had been used in the past by a malicious backdoor from “Winnti Umbrella,” a prolific set of threat actor groups that the researchers said “operate under the Chinese state intelligence apparatus.”

Taken together, the evidence suggests the attacks were carried out by a Chinese-speaking actor who may have used the Winnti backdoor in the past, Kaspersky Lab researchers said. But they caution: “Since this is the only link between our findings and any of the groups using the Winnti backdoor, we estimate with low confidence that it is indeed responsible for the attacks.”

Locking things down

The more pressing concern, Lechtik told me, is that the UEFI largely remains a blind spot in computer security. Some companies are slowly coming to realize the risk posed by malicious firmware. Last year, for instance, Google unveiled an open-source root-of-trust chip that will “ensure that a server or a device boots with the correct firmware and hasn't been infected by a low-level malware.” Password-protecting the UEFI bootup process is also an effective measure to prevent firmware tampering. Using full-disk encryption can also be a help because, should UEFI firmware be hacked, it won’t be able to write to the disk.

But by and large, hardware and firmware providers still aren’t spending enough resources to build defenses needed for products to effectively withstand attacks. Secure boot, because it only protects the boot process during run time, isn’t the answer. And security companies are only now starting to design scanning for mainstream users.

As noted earlier, UEFI firmware is something of a black box that’s also hard to access. That makes it powerful for both good and bad, but it also makes attacks difficult, since they rely on a large amount of skill to write the firmware and somehow deploy it on a target machine. The Hacking Team leak, combined with this new discovery, shows attacks will almost certainly become more common.

“Usually, when some code leaks in the wild then we immediately see it being picked up by threat actors,” Lechtik said. “One of the things we actually found curious here is it has been five years since this thing has been leaked and it only made it to the hands of threat actors we can trace only at this point. We need to ask ourselves why.”
Sylence Posted October 5, 2020

Use Windows 10, turn on Bitlocker for C drive for full drive encryption, password protect UEFI, enable secure boot in UEFI which uses Windows 10 security feature.
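The measures listed in the article's "Locking things down" section and in the reply above can be checked from the OS side, apart from the UEFI setup password, which is only visible in the firmware menu. The following PowerShell script is an added example, not code from the article, from Kaspersky Lab or from either poster. It reports Secure Boot and BitLocker status with the standard Confirm-SecureBootUEFI and Get-BitLockerVolume cmdlets, and looks in both Windows Startup folders for the IntelUpdate.exe file name the article names as the firmware's drop target, hashing and signature-checking anything it finds. It assumes Windows 10 or later, a UEFI system and an elevated PowerShell 5.1+ session; no hashes are included because the article publishes none.

```powershell
# Added example (not from the article or Kaspersky Lab): boot-protection posture
# and startup-folder check for the defensive measures discussed above.
# Assumes Windows 10/11, a UEFI system and an elevated PowerShell 5.1+ session.

function Get-BootProtectionStatus {
    $result = [ordered]@{}

    # Secure Boot state. Confirm-SecureBootUEFI throws on legacy-BIOS machines
    # and when not elevated, so report that rather than failing.
    try {
        $result.SecureBoot = [bool](Confirm-SecureBootUEFI)
    } catch {
        $result.SecureBoot = "unavailable (legacy BIOS or insufficient rights)"
    }

    # Full-disk encryption on the system drive (the article's second recommendation).
    $sysDrive = $env:SystemDrive
    try {
        $vol = Get-BitLockerVolume -MountPoint $sysDrive -ErrorAction Stop
        $result.BitLocker = "$($vol.ProtectionStatus) ($($vol.VolumeStatus))"
    } catch {
        $result.BitLocker = "unavailable (BitLocker module missing or not elevated)"
    }

    # Startup-folder check. The article reports that the implanted firmware
    # re-creates IntelUpdate.exe in the Windows Startup folder on every boot.
    $suspectNames = @('IntelUpdate.exe')   # file name taken from the article
    $startupDirs = @(
        [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
        [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
    )
    $findings = foreach ($dir in $startupDirs) {
        foreach ($name in $suspectNames) {
            $path = Join-Path $dir $name
            if (Test-Path -LiteralPath $path) {
                # Record hash and Authenticode status for triage; do not execute the file.
                $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                $sig  = (Get-AuthenticodeSignature -LiteralPath $path).Status
                [pscustomobject]@{ Path = $path; SHA256 = $hash; Signature = $sig }
            }
        }
    }
    $result.StartupFindings = @($findings)

    [pscustomobject]$result
}

$status = Get-BootProtectionStatus
$status | Format-List

if ($status.StartupFindings.Count -gt 0) {
    # A file in the Startup folder that comes back after deletion, OS reinstall or a
    # disk swap indicates a persistence source below the OS; treat the firmware image
    # as suspect, dump it for analysis and reflash it from the vendor's signed image.
    Write-Warning "Unexpected Startup-folder entries found; see the findings above."
}
```

The script is a posture check, not a firmware scanner: a clean result here says nothing about the SPI flash contents, which is exactly the blind spot the article describes. Its value is in the recurrence signal the article gives away, since an executable that keeps reappearing in the Startup folder after it has been removed is the observable symptom of the firmware behaviour described, and that is the point at which a firmware image dump and a vendor reflash become the right response.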