/?pid=hacking-team-used-uefi-bios-rootkits-16028

Updated:02:40 PM EDT Oct 27
this is ggmania.com subsite

NEWS
rss feed 
 
top 100
archive
ARTICLES
CD/DVD tools
Free Antivir
Security
Drivers
Utilities
FORUMS
LINKS


(C) 2006-2025 TechAmok Independent
All Rights Reserved.


 
 Hacking Team Used UEFI BIOS Rootkits - TechAmok

Hacking Team Used UEFI BIOS Rootkits - [briefly]
12:54 PM EDT - Jul,15 2015 - post a comment

Hacking Team has not only developed exploits and flaws, but also uses a ‬Unified Extensible Firmware Interface (UEFI) BIOS rootkit to keep their Remote Control System agent installed in their targets' systems. The use of this type of rootkit means that even if a victim's infected machine undergoes a hard drive format, buys a new HD or reinstalls the Windows operating system, the tools are once again implanted to resume their tasks. The rootkit has primarily been designed for Insyde BIOS, a popular BIOS vendor for laptops, however, Trend Micro speculates the code is likely to work on AMI BIOS as well. A slideshow produced by Hacking Team and available to view through leaked emails claims that infection requires physical access to the target machine. If an attacker gains access to the machine, they must reboot the system into the UEFI shell, dump the BIOS, install the rootkit, reflash the BIOS and then reboot once more to complete installation. Files have to be copied from an external source, such as a USB key loaded with the UEFI shell. As explained by the researchers:
"Three modules are first copied from an external source [..] to a file volume (FV) in the modified UEFI BIOS. Ntfs.mod allows UEFI BIOS to read/write NTFS file. Rkloader.mod then hooks the UEFI event and calls the dropper function when the system boots.

The filedropper.mod contains the actual agents, which have the file name scout.exe and soldier.exe. This means that when the BIOS rootkit is installed, the existence of the agents are checked each time the system is rebooted."
If the agent does not exist, the scout.exe agent is reinstalled. A tall order, but once the rootkit is in place -- with or without the technical support provided by Hacking Team -- standard scrubbing methods and even replacing the hard drive simply won't work. While the materials say physical access is needed, Trend Micro's researchers "cannot rule out the possibility of remote installation." The company recommends that users set up BIOS passwords, enable UEFI SecureFlash and update the BIOS when security patches are available to limit the risk of infection.

Short overview of recent news articles

Malware of the Future: What an infected system looks like in 2025 (Oct,27 2025 )

F1: Race Highlights | 2025 Mexico City Grand Prix (Oct,27 2025 )

F1: Qualifying Highlights | 2025 Mexico City Grand Prix (Oct,26 2025 )

New Big Windows 11 25H2 October Update - New Taskbar Battery Icons (Oct,25 2025 )

Apple Prepping 'Transfer to Android' Feature, Including 3rd-Party (Oct,25 2025 )

HW News - RIP Internet, RAM Prices Skyrocket from AI Demand, Intel (Oct,24 2025 )

Retro Gaming PC Upgrades go WRONG! (Oct,21 2025 )

How social media has ruined us - the more time you spend online, the (Oct,21 2025 )

FERRARI 12 CILINDRI // 340KMH REVIEW on AUTOBAHN (Oct,20 2025 )

ROG Xbox Ally X - a PC Gamer's Perspective (Oct,20 2025 )

Race Highlights | 2025 United States Grand Prix (Oct,20 2025 )

RedMagic Puts Liquid Cooling in its New Gaming Phone (Oct,18 2025 )

Russia Says U.S. Is Planning a $37 Trillion Crypto Reset (Oct,18 2025 )

Tor Browser says no to Firefox's AI features as it removes them (Oct,18 2025 )

NVIDIA GeForce 581.57 WHQL Driver (Oct,14 2025 )

Samsung One UI 8.5 vs iOS 26 - COMPARISON (Oct,13 2025 )

Google Turned Down by Supreme Court, Must Open up App Payments (Oct,12 2025 )

AMD releases new 25.10.1 preview graphics driver with Battlefield 6 (Oct,10 2025 )

MERCY Official Trailer (2026) Chris Pratt (Oct,10 2025 )

Galaxy S26 Ultra - Samsung, Please Don't Copy This (Oct,07 2025 )

Canada's Las Vegas Sphere is here - and I game on it (Oct,06 2025 )

Predator: Badlands - Official Final Trailer (2025) (Oct,06 2025 )

Chasing a Gaming World Record (Oct,04 2025 )

Frankenstein - Official Trailer (2025) Guillermo del Toro, Oscar (Oct,02 2025 )

iPhone 17 Pro Max vs 16 Pro Max / Pixel 10 Pro XL / Galaxy S25 Ultra (Oct,02 2025 )

iOS 26.0.1 is Out! - What's New? (Sep,30 2025 )

NEW! 2026 Audi Q3 2.0 TFSI (265hp) vs. e-hybrid (272hp)| 0-100 km/h (Sep,30 2025 )

Samsung One UI 8.5 Hands on - I Was Wrong (Sep,29 2025 )

iPhone Air Teardown - What is 3D Printed Titanium? (Sep,28 2025 )

Nvidia Wouldn't Send Me This $30,000 GPU - H200 Holy $H!T (Sep,28 2025 )

The Astronaut - Official Trailer (2025) Kate Mara, Laurence (Sep,27 2025 )

iPhone 17 Durability Test -- What Scratches are Permanent? (Sep,25 2025 )

iPhone 17 Pro Max vs. Galaxy S25 Ultra Drop Test! (Sep,23 2025 )

Race Highlights: A Swing In The Drivers' Title Fight? | 2025 (Sep,21 2025 )

BYD Yangwang U9 Hits 496.22 KM/H - EV Supercar Speed Record (Sep,21 2025 )

I'm FIRST to Unbox The World's Biggest TV (Sep,21 2025 )

Samsung Begins Rollout of Android 16 to Rest of Lineup (Sep,21 2025 )

iOS 26 Now Available, with Visual Intelligence (Sep,21 2025 )

Apple's iPhone 17 Series is Nearly Hack-Proof (Sep,21 2025 )

Qualifying Highlights - 2025 Azerbaijan Grand Prix (Sep,21 2025 )

iPhone 17 Pro vs Samsung S25 Ultra Camera Comparison! (Sep,20 2025 )

iPhone Air Durability test -- I AM SHOCKED (Sep,20 2025 )

Microsoft warns Office 2016/2019 users to switch to the cloud as (Sep,15 2025 )

Get Windows 11 25H2 Right Now (Sep,15 2025 )

iPhone 17 Pro VS iPhone 16 Pro VS iPhone 15 Pro VS iPhone 14 Pro (Sep,14 2025 )

What's the AMD Alternative to an RTX 5070? (Sep,11 2025 )

Apple got my wife, they might get me next... (Sep,10 2025 )

Which Phone Has The Fastest Wi-Fi 7? (Sep,09 2025 )

Apple Event - September 9 (Sep,09 2025 )

Ferrari F430 *MANUAL* with TUBI EXHAUST SCREAMING on the AUTOBAHN! (Sep,08 2025 )

>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs