A serious vulnerability has been found in servers from Microsoft, Intel, Dell, Lenovo, Fujitsu, HP, HPE, Siemens and AMD, and researchers from security firm Binarly have confirmed that the flaw has served as an entry point for state-funded hacking groups that have planted espionage-related malware in corporate networks.
Binarly says that the flaw lies in the Unified Extensible Firmware Interface (UEFI), the interface layer that mediates between the operating system and the firmware and serves as the modern replacement for the legacy BIOS that boots a PC.
Another security firm, Kaspersky, states that the flaw has already been exploited by the Chinese hacking group APT41, which implanted malware named MoonBounce that works both as an information-stealing tool and as a backdoor for installing further payloads.
Kaspersky's telemetry data shows that the hackers have used MoonBounce against a single firm to date. The company advises system administrators to keep server firmware updated regularly, verify that the ‘BootGuard’ feature is enabled, and enable Trusted Platform Modules along with ‘Secure Boot’.
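One way an administrator can verify two of the recommended settings (Secure Boot and TPM presence) on a Linux server, as an added example that is not part of the original article or of Kaspersky's guidance. It assumes a Linux host with efivarfs mounted at /sys/firmware/efi/efivars; the functions take file paths so they can also be run against constructed test files.

```shell
#!/bin/sh
# Added example: report UEFI Secure Boot state and TPM presence on Linux.
# efivarfs files begin with a 4-byte attribute header; the variable payload
# follows it. SecureBoot and SetupMode each carry a single data byte.

efivar_byte() {
    # $1: path to an efivarfs file. Prints the first payload byte as a
    # decimal, or -1 when the variable cannot be read (e.g. BIOS boot).
    [ -r "$1" ] || { printf '%s\n' -1; return; }
    dd if="$1" bs=1 skip=4 count=1 2>/dev/null | od -An -tu1 | tr -d ' '
}

secure_boot_state() {
    # $1: SecureBoot variable file, $2: SetupMode variable file.
    # Prints "enforcing", "setup-mode", "disabled" or "unknown".
    # SecureBoot=1 alone is not enough: in SetupMode the firmware accepts
    # key changes without authentication, so signature checks are not trusted.
    sb=$(efivar_byte "$1"); sm=$(efivar_byte "$2")
    [ "$sb" = "-1" ] && { echo unknown; return; }
    [ "$sb" = "1" ] || { echo disabled; return; }
    [ "$sm" = "1" ] && { echo setup-mode; return; }
    echo enforcing
}

tpm_count() {
    # $1: sysfs class directory (normally /sys/class). Prints the number of
    # tpmN devices the kernel exposes there; 0 means no TPM is visible.
    ls -d "$1"/tpm[0-9]* 2>/dev/null | wc -l | tr -d ' '
}

# Usage against the live system. 8be4df61-... is the EFI global variable GUID.
EFIVARS=/sys/firmware/efi/efivars
GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c
echo "secure boot: $(secure_boot_state "$EFIVARS/SecureBoot-$GUID" "$EFIVARS/SetupMode-$GUID")"
echo "tpm devices: $(tpm_count /sys/class)"
```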
Note: a few members of the APT41 hacking group distributing the MoonBounce malware were arrested by United States law enforcement in September 2020. The gang appears to have picked up new vigor and is now targeting new firms.