Researcher at ESET outlines research on the first successful UEFI rootkit used in the wild.

LEIPZIG, GERMANY – Researchers hunting cyber-espionage group Sednit (an APT also known as Sofacy, Fancy Bear and APT28) say they have discovered the first-ever instance of a rootkit targeting the Windows Unified Extensible Firmware Interface (UEFI) in successful attacks.

The discussion of Sednit was part of the 35C3 conference, in a session given by Frédéric Vachon, a malware researcher at ESET who published a technical write-up on his findings earlier this fall (PDF). During his session, Vachon said that finding a rootkit targeting a system’s UEFI is significant, because such malware can survive in the motherboard’s flash memory, giving it both persistence and stealth.

“UEFI rootkits have been researched and discussed heavily in the past few years, but sparse evidence has been presented of real campaigns actively trying to compromise systems at this level,” he said.

The rootkit is named LoJax. The name is a nod to the underlying code, which is a modified version of Absolute Software’s LoJack recovery software for laptops. The purpose of the legitimate LoJack software is to help victims of laptop theft regain access to their PC without tipping off the thieves. It hides in a system’s UEFI firmware and stealthily beacons its whereabouts back to the owner for possible physical recovery of the laptop.

Each time the system restarts, the code executes on boot, before the OS loads and before the system’s antivirus software is launched. That means that even if the device’s hard drive is replaced, the LoJack software will still operate.

According to Vachon, the bad guys are making good use of this with LoJax. This weaponized, customized version of Absolute Software’s wares dates back to a vulnerable 2009 version, which had several key bugs, chief among them a configuration module that was poorly secured with weak encryption.

“This vulnerability allowed Sednit to customize a single byte that contains the domain information for the legitimate software to connect to in order to download the recovery software,” he said. In the case of LoJax, the single byte contained Sednit command-and-control domains that ultimately delivered the rootkit payload.

The infection chain is typical: An attack begins with a phishing email or equivalent that tricks a victim into downloading and executing a small rpcnetp.exe dropper agent. The rpcnetp.exe installs itself and uses the system’s Internet Explorer browser to communicate with the configured domains.

“Once I have a foothold on the machine I can use this tool to deploy the UEFI rootkit,” Vachon explained, adding that the hacker tool takes advantage of firmware vendors allowing remote flashing. “UEFI rootkit is located in the BIOS region of the serial peripheral interface (SPI) flash memory,” he said.

Once the UEFI rootkit is installed, there’s not much a user can do to remove it besides re-flashing the SPI memory or throwing out the motherboard, Vachon said.

In May, Arbor Networks spotted LoJack being reused by Sednit agents to develop LoJax. But it wasn’t until September that Sednit began to use it in live campaigns, observed by ESET. These are targeting mostly government entities located in the Balkans, as well as Central and Eastern Europe.

ESET said it identified a customer who had been infected by the rogue version of LoJax. And last month, the Pentagon made a good-faith gesture to be more open and started uploading malware samples from APTs and other nation-state sources to the website VirusTotal. The first two samples were rpcnetp.dll and rpcnetp.exe, which are both detected as dropper mechanisms for the UEFI rootkit.

By enabling Secure Boot and making sure their UEFI firmware is up to date, end users can protect themselves against attack, Vachon said.
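The two mitigations above, plus a look for the dropper filenames the article names, can be checked from an elevated PowerShell prompt. The script below is an added example written for this article; it is not ESET’s or Absolute Software’s code. It assumes a Windows 10 or later host with UEFI firmware, and that the dropper, if present, keeps the rpcnetp.exe / rpcnetp.dll names from the article under System32 (an assumption, not a statement from the page).

```powershell
# Added example (not from the article or from ESET): Windows triage for the
# LoJax mitigations described above. Requires an elevated prompt, because
# Confirm-SecureBootUEFI needs administrator rights.

function Get-UefiPostureReport {
    $report = [ordered]@{}

    # 1. Secure Boot state. Confirm-SecureBootUEFI throws on legacy BIOS/CSM
    #    systems; that is itself a finding, since Secure Boot offers no
    #    protection to a machine that is not booting through UEFI.
    try {
        $report.SecureBootEnabled = Confirm-SecureBootUEFI
    } catch {
        $report.SecureBootEnabled = 'Not available (legacy BIOS/CSM or unsupported)'
    }

    # 2. Firmware identity and release date, to compare against the vendor's
    #    current release. Get-CimInstance converts ReleaseDate to a DateTime.
    $bios = Get-CimInstance -ClassName Win32_BIOS
    $report.FirmwareVendor  = $bios.Manufacturer
    $report.FirmwareVersion = $bios.SMBIOSBIOSVersion
    $report.FirmwareDate    = $bios.ReleaseDate
    $report.FirmwareAgeDays = [int]((Get-Date) - $bios.ReleaseDate).TotalDays

    # 3. Dropper artifacts by name (assumed path: System32). The legitimate
    #    LoJack agent ships under the same filenames, so a hit is a lead for
    #    analysis, not proof of infection; hash and Authenticode status help
    #    an analyst tell the two apart.
    $artifacts = foreach ($name in 'rpcnetp.exe', 'rpcnetp.dll') {
        $path = Join-Path $env:SystemRoot "System32\$name"
        if (Test-Path -Path $path) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            [pscustomobject]@{
                Path      = $path
                SHA256    = (Get-FileHash -Path $path -Algorithm SHA256).Hash
                Signer    = $sig.SignerCertificate.Subject
                SigStatus = $sig.Status
            }
        }
    }
    $report.DropperArtifacts = $artifacts

    # 4. A running rpcnetp process, if any, with the image path it was loaded from.
    $report.DropperProcesses = Get-Process -Name rpcnetp -ErrorAction SilentlyContinue |
        Select-Object -Property Id, Path

    [pscustomobject]$report
}

Get-UefiPostureReport | Format-List
```

A report showing Secure Boot disabled or unavailable, or a firmware release date well behind the vendor’s current image, is the cue to act on Vachon’s advice; a rpcnetp hit with an unexpected signer or hash is a cue to pull the file and the machine’s SPI flash image for analysis rather than to trust an antivirus verdict alone.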