Russian hackers have come up with a UEFI rootkit that is a very tough nut to crack. In layman’s terms, it allows the perpetrator to take complete control of the machine, and download whatever they want.
LoJack was software that allowed you to track the location of your laptop in the case of theft. But it wasn’t just any other software. LoJack was perched comfortably in your device’s firmware, meaning that it couldn’t be uninstalled in the traditional sense. The software would regularly contact a server in order to announce the device’s location. Reinstalling your entire OS didn’t get rid of it either, and eradicating it from your device needed some serious technical know-how. The firmware had to be re-flashed to get rid of it completely, and this is a skill that not many people have.
The Fancy Bear group essentially repurposed the call-back to the server. Instead of announcing its location to a harmless waypoint, the software calls back directly to Russian spies. Heavy stuff, right?
What’s scarier is that Fancy Bear is targeting government organizations in Europe.
Analysts are particularly worried about copycats, in the wake of Fancy Bear’s success.