An attack group likely based in China has recently been using a new malicious framework called MosaicRegressor in operations against diplomatic and NGO targets, one of which involved the installation of malicious UEFI firmware images on a compromised machine. The framework repurposes tools built by Hacking Team that were leaked several years ago.
Attacks involving malicious UEFI firmware are quite rare, for a number of reasons, and researchers at Kaspersky who discovered this most recent one said it’s unclear how the attackers gained initial access to the compromised computer. But the use of a modified firmware image, albeit one based on an existing tool, as part of the attack chain suggests that the operation is the work of a competent and proficient attacker. The malicious firmware images were one part of the attacks that the researchers investigated, attacks that also involved the installation of various other pieces of malware, all aimed at data theft and espionage.
There were several indications in the tools’ code and elsewhere that led the researchers to conclude that the attacks were the work of a Chinese-speaking group; however, they did not pin the operations on any specific team. The targets identified by Kaspersky include NGOs and diplomatic organizations in several countries in Europe, Africa, and Asia, many of which are focused on work related to North Korea. The new UEFI rootkit, though low in terms of infection numbers, demonstrates that top-level attackers have not slowed their development of tools, especially those that grant them long-term access to target environments.
“We can obviously say that by deploying a UEFI rootkit the attackers were aiming for the highest level of persistence on those machines. They probably thought they could get away with it because they’re very hard to detect. Because the firmware resides on a separate chip it makes it probably the most persistent malware there is,” said Mark Lechtik, a senior security researcher at Kaspersky.
“They aimed at being on target machines for as long as they could. They’re aiming for constant access to victims’ environments regardless of if the victim remediates the machine.”
Unified Extensible Firmware Interface (UEFI) is a modern replacement for the old BIOS, the software that runs at the beginning of a computer’s boot process and helps interface with the main operating system. The firmware is installed during the manufacturing process and because of its privileged placement in the boot chain, it is a prized target for attackers. The challenge is that reaching the firmware and being able to modify it are difficult tasks, by design. Modern Windows machines employ a process known as UEFI Secure Boot that’s meant to ensure that no malicious or unsigned components are loaded during the boot process. Some computers also have other hardware protections against low-level firmware attacks, so modifying or replacing a target machine’s firmware is no mean feat.
Lechtik said that the researchers were not able to determine whether the machines compromised by the UEFI rootkit had Secure Boot enabled.
Known attacks that have succeeded in doing this are few and far between, and the one that Kaspersky came across included a modified firmware image with several separate malicious modules in it.
“During an investigation, we came across several suspicious UEFI firmware images. A deeper inspection revealed that they contained four components that had an unusual proximity in their assigned GUID values, those were two DXE drivers and two UEFI applications. After further analysis we were able to determine that they were based on the leaked source code of HackingTeam’s VectorEDK bootkit, with minor customizations,” Lechtik and Igor Kuznetsov of Kaspersky wrote in an analysis of the attacks.
“The goal of these added modules is to invoke a chain of events that would result in writing a malicious executable named ‘IntelUpdate.exe’ to the victim’s Startup folder. Thus, when Windows is started the written malware would be invoked as well. Apart from that, the modules would ensure that if the malware file is removed from the disk, it will be rewritten. Since this logic is executed from the SPI flash, there is no way to avoid this process other than eliminating the malicious firmware.”
The researchers found several separate components used by MosaicRegressor, each with individual capabilities. One of the modules is used to load the other components, another walks through the file system, and a third marks the firmware on the machine as compromised. But the real action comes from “SmmAccessSub”, the actual bootkit that writes the IntelUpdate executable to the startup directory on the disk. The bootkit is what handles the persistence on the disk and ensures that the attackers have continued access to the machine. The MosaicRegressor framework uses several different downloaders that can communicate with the command-and-control infrastructure through a variety of methods, including email, which is unusual for this kind of malware.
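The detail that first caught the researchers’ attention was four firmware modules with GUIDs in “unusual proximity”: properly generated GUIDs are random across a 128-bit space, so a run of near-identical ones points to hand-assigned identifiers. The triage heuristic below is an added example, not code from Kaspersky or from the malware; the module names and GUIDs in the inventory are constructed for illustration and are not the real MosaicRegressor values.

```python
import uuid

# Constructed inventory of (module name, file GUID) pairs, as a defender might list them
# from a firmware image dump. Names and GUIDs are invented for illustration; the last four
# mimic the pattern Kaspersky described: GUIDs assigned unusually close to one another.
SAMPLE_INVENTORY = [
    ("PcdDxe",      "80cf7257-87ab-47f9-a3fe-d50b76d89541"),
    ("VariableDxe", "cbd2e4d5-7068-4ff5-b462-9822b4ad8d60"),
    ("UsbBusDxe",   "240612b7-a063-11d4-9a3a-0090273fc14d"),
    ("DriverA",     "f50248a9-2f4d-4de9-86ae-bda84d07867c"),
    ("DriverB",     "f50248aa-2f4d-4de9-86ae-bda84d07867c"),
    ("AppC",        "f50248ab-2f4d-4de9-86ae-bda84d07867c"),
    ("AppD",        "f50248ac-2f4d-4de9-86ae-bda84d07867c"),
]

def guid_clusters(inventory, shared_bits=28, min_size=2):
    """Group modules whose GUIDs agree in their top `shared_bits` bits.

    A random (version 4) GUID is spread over the whole 128-bit space, so two modules in
    one image sharing even their first 28 bits is improbable; a run of them suggests
    sequential, hand-numbered identifiers. Returns a list of clusters, each a list of
    (name, guid) tuples in ascending GUID order, keeping clusters of at least min_size.
    """
    ordered = sorted(inventory, key=lambda item: uuid.UUID(item[1]).int)
    shift = 128 - shared_bits
    clusters, current = [], []
    for name, guid in ordered:
        prefix = uuid.UUID(guid).int >> shift
        if current and prefix != current[-1][2]:
            if len(current) >= min_size:
                clusters.append([(n, g) for n, g, _ in current])
            current = []
        current.append((name, guid, prefix))
    if len(current) >= min_size:
        clusters.append([(n, g) for n, g, _ in current])
    return clusters

def suspicious_names(inventory, **kwargs):
    """Flat list of module names that fall into any proximity cluster."""
    return [name for cluster in guid_clusters(inventory, **kwargs) for name, _ in cluster]

if __name__ == "__main__":
    for cluster in guid_clusters(SAMPLE_INVENTORY):
        print("GUID cluster worth manual review:")
        for name, guid in cluster:
            print(f"  {guid}  {name}")
```

Vendor images do sometimes carry legitimately adjacent GUIDs, so a cluster is a prompt for manual review of those modules (and a comparison against a known-good image from the vendor), not a verdict on its own.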
“The mail boxes used for this purpose reside on the ‘mail.ru’ domain, and are accessed using credentials that are hard-coded in the malware’s binary. To fetch the requested file from the target inbox, MailReg enters an infinite loop where it tries to connect to the ‘pop.mail.ru’ server every 20 minutes, and makes use of the first pair of credentials that allow a successful connection,” the analysis says.
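A 20-minute polling loop against a POP3 server is the kind of rhythm that stands out in egress logs. The script below is an added example, not part of Kaspersky’s analysis or of the malware: it reads constructed firewall log lines (the format, hosts and timestamps are invented) and flags any source that contacts a mail server on a POP3 port at a near-constant interval.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed syslog-style egress log (not from any real device): one workstation polls
# pop.mail.ru every 20 minutes, a second host generates ordinary HTTPS browsing noise.
SAMPLE_LOG = """\
2020-10-05T09:00:02Z src=10.1.2.34 dst=pop.mail.ru dport=110 action=allow
2020-10-05T09:03:11Z src=10.1.2.57 dst=www.example.org dport=443 action=allow
2020-10-05T09:20:05Z src=10.1.2.34 dst=pop.mail.ru dport=110 action=allow
2020-10-05T09:31:48Z src=10.1.2.57 dst=www.example.org dport=443 action=allow
2020-10-05T09:40:01Z src=10.1.2.34 dst=pop.mail.ru dport=110 action=allow
2020-10-05T09:58:30Z src=10.1.2.57 dst=www.example.org dport=443 action=allow
2020-10-05T10:00:04Z src=10.1.2.34 dst=pop.mail.ru dport=110 action=allow
2020-10-05T10:20:03Z src=10.1.2.34 dst=pop.mail.ru dport=110 action=allow
"""

def parse_line(line):
    """Split one 'timestamp key=value ...' line into (datetime, src, dst, dport)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), kv["src"], kv["dst"], int(kv["dport"])

def periodic_mail_polling(log_text, ports=(110, 995), min_hits=4, max_jitter_s=60):
    """Return {(src, dst): mean_interval_seconds} for (source, mail server) pairs whose
    connections on a POP3 port recur with a standard deviation of at most max_jitter_s."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = parse_line(line)
        if dport in ports:
            times[(src, dst)].append(ts)
    findings = {}
    for key, stamps in times.items():
        if len(stamps) < min_hits:
            continue                      # too few samples to call it periodic
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if pstdev(gaps) <= max_jitter_s:
            findings[key] = round(mean(gaps))
    return findings

if __name__ == "__main__":
    for (src, dst), interval in periodic_mail_polling(SAMPLE_LOG).items():
        print(f"{src} polls {dst} about every {interval // 60} minutes")
```

Ordinary mail clients poll on a schedule too, so the useful filter is the destination: a host checking a consumer webmail provider that the organization does not use, from a machine with no mail client configured for it, is what merits a closer look.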
How the attackers behind MosaicRegressor were able to gain the position necessary to install the UEFI rootkit remains a mystery, but Lechtik said there were several possibilities. The simplest explanation is physical access to the computers, with which an attacker could install the modified firmware from a USB drive. That’s the vector that HackingTeam documentation had as a requirement for its custom malware.
“Another option is to push a rogue firmware update. But that would require the previous firmware to not check digital signatures. Or there could have been a vulnerability in the firmware. But if this was true we’d anticipate we’d find some evidence of exploitation and we haven’t seen anything like that,” Lechtik said.