The hacking group known as Fancy Bear has a large toolset, as its attacks on the PyeongChang Olympics, the Democratic National Committee and others have shown. But the cybersecurity firm ESET has discovered the Fancy Bear team applying an advanced technique that had never been seen before. This elite Russian team was caught using a UEFI rootkit, a method of gaining persistent access to a computer that is hard to clean up and even harder to detect on the victim's machine. They figured out a way to manipulate code from a decade-old version of LoJack, security software that lets you trace the location of a laptop if it is ever stolen.
By manipulating the code, the LoJack software is made to call back not to its intended server but to one controlled by Russian spies, and that server is almost impossible to crack. Alexis Dorais-Joncas, a team lead in ESET's security intelligence group, said: "Whenever a computer infected with a UEFI malware boots, it will place the LoJax agent on the Windows file system, so that when Windows boots, it's already infected with the LoJax agent. Even if you clean LoJax from Windows, as soon as you reboot, the UEFI implant will reinfect Windows."
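The reinfection loop described above has a simple defender-side consequence: a file you deleted from Windows that is back, byte-for-byte identical, after the next reboot points to something below the operating system (firmware or early-boot code) rewriting it. The script below is an added example, not ESET's tooling and not code from the original article. It hashes a directory tree into a snapshot, then compares three snapshots (before cleanup, after cleanup, after reboot) and reports files that reappeared. The function names and the sample Windows paths are hypothetical and constructed for illustration; on a real machine you would take the snapshots with `snapshot()` against the system drive at each of the three points and compare them with `reappeared()`.

```python
import hashlib
from pathlib import Path


def snapshot(root):
    """Hash every regular file under root into {relative_path: sha256}.

    Hypothetical helper for taking a baseline of a file system; it is
    deliberately simple and reads each file whole, so point it at a
    bounded directory tree rather than an entire disk.
    """
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                result[str(path.relative_to(root)).replace("\\", "/")] = (
                    hashlib.sha256(fh.read()).hexdigest()
                )
    return result


def reappeared(before_cleanup, after_cleanup, after_reboot):
    """Files removed during cleanup that are present again after a reboot.

    Returns {path: (hash_before, hash_after_reboot)} so the analyst can see
    whether the file came back identical (same hash) or as a new variant.
    """
    removed = {p: h for p, h in before_cleanup.items() if p not in after_cleanup}
    return {
        p: (removed[p], after_reboot[p])
        for p in removed
        if p in after_reboot
    }


def written_across_reboot(after_cleanup, after_reboot):
    """Every path that is new or changed between the post-cleanup and
    post-reboot snapshots, reappeared files included. Useful as the wider
    net when you do not know what the dropped component is called."""
    return {p: h for p, h in after_reboot.items() if after_cleanup.get(p) != h}


# Constructed sample snapshots (not real IoCs): two files that an implant
# drops at boot, plus one legitimate file that never changes.
SAMPLE_BEFORE_CLEANUP = {
    "Windows/System32/placeholder_agent.exe": "hash-agent-v1",
    "Windows/System32/placeholder_helper.dll": "hash-helper-v1",
    "Windows/System32/legit_tool.exe": "hash-legit",
}
SAMPLE_AFTER_CLEANUP = {
    "Windows/System32/legit_tool.exe": "hash-legit",
}
SAMPLE_AFTER_REBOOT = {
    "Windows/System32/placeholder_agent.exe": "hash-agent-v1",
    "Windows/System32/placeholder_helper.dll": "hash-helper-v1",
    "Windows/System32/legit_tool.exe": "hash-legit",
}


def demo():
    """Run the comparison over the constructed snapshots."""
    return reappeared(SAMPLE_BEFORE_CLEANUP, SAMPLE_AFTER_CLEANUP, SAMPLE_AFTER_REBOOT)


if __name__ == "__main__":
    for path, (old, new) in demo().items():
        verdict = "identical" if old == new else "new variant"
        print(f"{path}: reappeared after reboot ({verdict})")
```

A reappeared file with an unchanged hash is the strongest signal here, because an implant that re-stages the same payload from firmware produces exactly that pattern; a changed hash still merits a look but may be an update or a repair by the OS.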