Firmware-based rootkits, though still relatively rare, are gaining in popularity because they give threat actors a way to maintain a persistent, hard-to-detect, and difficult-to-eradicate presence on a target network.
Kaspersky researchers recently discovered the latest example of such a threat hidden deep within the Unified Extensible Firmware Interface (UEFI) firmware of a computer at a customer location. The malicious implant, dubbed "MoonBounce," was planted in UEFI firmware within the SPI flash storage on the infected computer's motherboard, rather than on the hard disk like some other UEFI bootkits. This meant the implant could persist on the system even if the hard disk had been formatted or replaced, according to Kaspersky.
The implant was designed to enable the deployment of additional malware on the compromised system. Other malware artifacts on the same system pointed to MoonBounce being used as part of a wider cyber-espionage campaign that Kaspersky researchers were able to attribute with a high level of confidence to APT41, a known Chinese-speaking advanced persistent threat (APT) group. Kaspersky discovered the threat in late 2021 and privately reported it to customers of its APT service.
"We have chosen to reveal this publicly not long after as we believe there is value in this knowledge being shared with the community," says Mark Lechtik, senior security researcher with Kaspersky's global research and analysis team (GReAT). The goal is to allow defenders "both to understand how UEFI firmware attacks have evolved and [to] allow blue teamers to better defend against this type of threat."
Modern computers use UEFI firmware during the boot-up process. The interface contains information that the computer uses for loading the operating system, which means that any malicious code in it would execute before the OS boots up. This fact has made UEFI firmware an increasingly popular target for attackers looking to hide implants from malware detection tools and maintain long-term persistence on infected systems.
Security vendor ESET discovered the first firmware-level rootkit — dubbed LoJax — in 2018. This malware, like MoonBounce, was hidden in the UEFI firmware on SPI flash. It was discovered on a system belonging to an organization that Russia-based APT actor Sednit group had targeted as part of a campaign against government organizations in Eastern Europe and other regions.
Since then, security researchers have found a handful of similar rootkits in the wild. MoonBounce is the third publicly known instance of a malicious firmware implant on SPI flash. The other two are LoJax and MosaicRegressor, which Kaspersky uncovered in 2020 being used in a campaign that targeted diplomatic and non-governmental organizations in Asia, Europe, and Africa.
In addition to firmware-based rootkits on SPI flash, researchers have discovered malware on UEFI components on the so-called EFI System Partition (ESP) usually located in a computer's hard drive. Examples of this kind of rootkit include FinSpy, a highly obfuscated surveillance tool that Kaspersky reported on last September, and ESPectre, another UEFI implant on a computer's ESP that ESET reported in October.
According to Kaspersky, implants on UEFI firmware on the SPI are better hidden than firmware-based rootkits on the hard disk. They are also harder to eliminate compared with ESP-level rootkits, which can usually be erased by reformatting the hard drive.
MoonBounce is more sophisticated than LoJax and MosaicRegressor because of the very subtle nature of the binary level changes it makes to a benign UEFI component, says Lechtik. The changes introduce logic to load malware during system startup, while still preserving the boot sequence intact.
"More notably it makes changes to boot sequence components in memory only, through which it allows malicious code to propagate into the operating system," Lechtik says. This means it leaves no traces on disk, making attacks much stealthier than its predecessors.
Lechtik says that to tamper with the UEFI, the APT41 actors would have needed a good understanding of the UEFI boot sequence and the vendor-specific implementation of the firmware they attacked. In addition, the underlying hardware platform needed to have allowed writing to the firmware — something that can happen if vulnerabilities are present in the firmware.
"In our case the attackers had both prerequisites in place," Lechtik says. "Most notably they had a thorough understanding of the particular targeted firmware, which suggests they had ongoing access to the compromised machine."
Addressing the Threat
The growing threat of firmware-level attacks — 83% of organizations in a 2021 survey said they had been hit with one — has pushed chipmakers and hardware and OS vendors to introduce changes for strengthening their technologies against the threat. Secure Boot is one example. The technology is designed to ensure a computer boots up using only trusted, signed pieces of boot software. Other examples include Intel's Boot Guard to defend against the threat of attackers making unauthorized modifications to boot-level software and Trusted Platform Module (TPM), a more than 10-year-old technology for ensuring system integrity during boot-up.
Lechtek says that with MoonBounce, a mechanism such as Secure Boot would be useless.
"Classic Secure Boot doesn't take firmware-level components into account when authenticating components in the boot sequence," he says. "MoonBounce itself does not do anything to bypass this mechanism. It simply doesn’t introduce any changes to the images inspected by Secure Boot, but rather patches the reflection of these images in memory after they are loaded."
However, Boot Guard and TPM would have successfully countered MoonBounce's firmware-level modifications, Lechtik says.