The China-linked APT41 threat actor has launched a targeted attack using UEFI malware that researchers call MoonBounce.
Researchers with Kaspersky discovered the firmware bootkit being leveraged last year in a single incident. Mark Lechtik, senior security researcher with the Global Research and Analysis Team (GReAT) at Kaspersky, said that while researchers cannot disclose any details on the victim itself, they can reveal that “given its nature and the overall details of the campaign, the attackers were likely seeking to conduct long-standing espionage activity against it.”
As part of the attack, threat actors tampered with the Unified Extensible Firmware Interface (UEFI) - a leading technology that’s embedded in chips of modern devices and links the firmware to the operating system - in order to embed the malicious MoonBounce implant. UEFI-level implants give sophisticated attackers a full range of control over devices, and they are also difficult to detect and remove.
The attackers behind MoonBounce focused on a known attack vector within UEFI: Serial Peripheral Interface (SPI) flash, which is a storage and data transfer component external to the hard drive. Because SPI flash is located on the motherboard instead of the hard disk, attackers can gain persistence even after disk formatting or replacement, said researchers. That sets this type of malware apart from other UEFI implants - such as the UEFI bootkit loading the FinSpy surveillance toolset and the ESPecter bootkit - that instead use the EFI System Partition (ESP), which is storage space designated for some UEFI components that is generally based in the computer’s hard drive or SSD.
“Such bootkits are not only stealthier (partially because of limited visibility by security products into this hardware component), but also more difficult to mitigate: flashing a clean firmware image in place of a malicious one can prove to be more difficult than formatting a hard drive and reinstalling an OS, which would typically eliminate ESP-level threats,” Kaspersky researchers said.
SPI Flash Focus
MoonBounce is the third publicly exposed implant that focuses on the SPI flash component; previously, researchers have uncovered similar cases of malware called LoJax, uncovered in 2018, and MosaicRegressor, found in 2020. However, Lechtik said that MoonBounce “is definitely more complex.”
While these previous UEFI implants were carried out as additions of DXE drivers to the overall firmware image on the SPI flash, the attackers behind MoonBounce modified an existing firmware component. This type of attack requires more meddling with UEFI boot sequence components, which means making “subtle changes in binary level components so as to not break anything in the system startup while allowing to properly load the underlying malware,” Lechtik said. A threat actor would need ongoing and remote access to the targeted machine in this type of attack, said researchers; however, they said that they lack sufficient evidence to retrace how the UEFI firmware was infected in the first place.
“The attackers seemed to have a very good understanding of the UEFI boot process and its related components, which helped them address this goal successfully,” Lechtik said. “One notable difference as a result of that is the fact that the flow of MoonBounce’s execution does not entail writing any files on disk, as was the case for both LoJax and MosaicRegressor, thus allowing MoonBounce to be much stealthier.”
Researchers warned that UEFI threats are “gradually becoming a norm,” even as vendors put more effort into preventing these types of attacks, for instance by enabling Secure Boot by default, a feature that aims to prevent unauthorized software from taking control of devices during the boot-up process.
“UEFI firmware level modification as part of an attack is not an easy task; however, it’s still possible with the multitude of old firmware images that are used in the wild which don’t factor in support for modern threat mitigation technologies like BootGuard and TPM,” said Lechtik. “As for the future, it is likely attackers will look for vulnerabilities in such technologies with the aim of bypassing them and overwriting benign firmware images with malicious ones regardless.”
Researchers also found other malware families across multiple nodes on the same network, pointing to the fact that the attacker performed lateral movement after gaining an initial foothold on the network in order to exfiltrate more data. These included a previously known in-memory implant called ScrambleCross (also known as SideWalk). Other uncovered components included the StealthCross and StealthMutant loaders, the Microcin backdoor, Mimikat_ssp (a publicly available post-exploitation tool used to dump credentials) and a formerly unknown Go implant backdoor that is used to contact a command-and-control (C2) server.
Researchers linked the attack to APT41, or an actor affiliated with the threat group, “with medium to high confidence.” Previous APT41 operations typically aimed to interfere with the targeted companies’ supply chains, or to steal sensitive intellectual property and personally identifiable information, they said. Researchers also noted that the ScrambleCross malware is considered a variant of CrossWalk, a malware family that has been linked to APT41, and that the loading schemes and a unique certificate used for the ScrambleCross malware were identical to those observed being leveraged by APT41 or actors affiliated with it.
“It is evident that the group maintains a high level of proficiency and sophistication in the development of its toolset, gaining a foothold in new areas like UEFI firmware,” said researchers. “In this sense, the group has introduced its own innovation to this landscape – patching an existing benign core component in the firmware (rather than adding a new driver to it), thereby turning the UEFI firmware into a highly stealthy and persistent storage for malware in the system.”
Researchers said that organizations can protect against this type of attack by updating UEFI firmware regularly and verifying that BootGuard is enabled.
“Likewise, enabling Trusted Platform Modules, in case corresponding hardware is supported on the machine, is also advisable,” they said. “On top of all, a security product that has visibility into the firmware images should add an extra layer of security, alerting the user on a potential compromise if such occurs.”
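The last recommendation, visibility into the firmware image itself, is the one that separates MoonBounce-style tampering from the earlier SPI implants: a new DXE driver lands in erased (0xFF) free space of the flash, whereas MoonBounce changed bytes inside a component that was already there. The added example below (not Kaspersky's tooling or anything from the report) compares a raw SPI flash dump against a known-good image of the same firmware version, block by block, and reports the two cases separately; the sample images, the 256-byte block size and the NVRAM range are constructed for the demonstration, and the variable store is excluded because it legitimately changes during normal use.

```python
import hashlib
from typing import Iterable, Tuple

ERASED = 0xFF  # erased SPI flash cells read back as 0xFF


def diff_firmware(baseline: bytes, dump: bytes, block: int = 4096,
                  ignore: Iterable[Tuple[int, int]] = ()):
    """Compare a raw SPI flash dump with a known-good image of the same version.

    Returns a dict with:
      added   - block offsets that were erased (all 0xFF) in the baseline and now
                carry data: a new module dropped into free space (LoJax/MosaicRegressor style)
      patched - block offsets that held content in the baseline and now differ:
                an existing component modified in place (MoonBounce style)
    `ignore` lists (start, end) byte ranges expected to change in normal use,
    such as the UEFI variable store (NVRAM), so they are never reported.
    """
    if len(baseline) != len(dump):
        raise ValueError("images differ in size; compare dumps of the same flash part")
    ignore = list(ignore)
    added, patched = [], []
    for off in range(0, len(baseline), block):
        if any(s <= off < e for s, e in ignore):
            continue
        old, new = baseline[off:off + block], dump[off:off + block]
        if old == new:
            continue
        (added if set(old) == {ERASED} else patched).append(off)
    return {"added": added, "patched": patched,
            "sha256": hashlib.sha256(dump).hexdigest()}


def verdict(result) -> str:
    """Single-line triage string for an alerting pipeline."""
    if result["patched"]:
        return "existing firmware component modified"
    if result["added"]:
        return "new content written into free firmware space"
    return "matches baseline"


# --- constructed sample images (not real firmware); 8 blocks of 256 bytes ---
BLK = 256
def _block(tag: int) -> bytes:          # deterministic non-0xFF filler for a "code" block
    return bytes((tag * 31 + i) & 0xFF for i in range(BLK))

BASELINE = b"".join(_block(t) for t in range(4)) + bytes([ERASED]) * (BLK * 4)
NVRAM = [(BLK * 7, BLK * 8)]            # last block plays the role of the variable store
DUMP_ADDED = bytearray(BASELINE); DUMP_ADDED[BLK * 5:BLK * 6] = _block(99)     # module in free space
DUMP_PATCHED = bytearray(BASELINE); DUMP_PATCHED[BLK * 2 + 16] ^= 0x01         # one byte of a component
DUMP_NVRAM = bytearray(BASELINE); DUMP_NVRAM[BLK * 7:BLK * 7 + 4] = b"\x00\x01\x02\x03"  # benign change

if __name__ == "__main__":
    for name, img in (("added", DUMP_ADDED), ("patched", DUMP_PATCHED), ("nvram", DUMP_NVRAM)):
        print(name, verdict(diff_firmware(BASELINE, bytes(img), BLK, NVRAM)))
```

The baseline must be the vendor image for the exact firmware version installed on the machine, since a legitimate firmware update changes most blocks and would otherwise read as a compromise.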