MoonBounce
MoonBounce is a UEFI firmware-based rootkit. It is linked to the Chinese APT41 hacker group. MoonBounce was discovered by researchers at Kaspersky in 2021. It can disable Windows security tools and bypass User Account Control. The data shows that the attacks are highly targeted. It is a landmark in the evolution of UEFI rootkits, and the third UEFI bootkit known to have been found.
Infection
Kaspersky detected the firmware rootkit in only one case, so little is known about how it spreads. It is believed to have been installed remotely. The implant lives in the SPI flash memory on the motherboard. The modified firmware component is CORE_DXE, which runs during the first phases of the UEFI boot sequence. It hooks EFI Boot Services functions and injects further malware into an svchost.exe process ...

UEFI
Unified Extensible Firmware Interface (UEFI, as an acronym) is a specification for the firmware architecture of a computing platform. When a computer is powered on, the UEFI implementation is typically the first software that runs, before starting the operating system. Examples include AMI Aptio, Phoenix SecureCore, TianoCore EDK II, and InsydeH2O. UEFI replaces the BIOS that was present in the boot ROM of all IBM PC compatible personal computers, although it can provide backward compatibility with the BIOS using CSM booting. Unlike its predecessor, BIOS, which is a de facto standard originally created by IBM as proprietary software, UEFI is an open standard maintained by an industry consortium. Like BIOS, most UEFI implementations are proprietary. Intel developed the original ''Extensible Firmware Interface'' (''EFI'') specification. The last Inte ...

Bootkit
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software. The term ''rootkit'' is a compound of "root" (the traditional name of the privileged account on Unix-like operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware. Rootkit installation can be automated, or an attacker can install it after having obtained root or administrator access. Obtaining this access is the result of a direct attack on a system, i.e. exploiting a vulnerability (such as privilege escalation) or a password (obtained by cracking or by social engineering tactics such as "phishing"). Once installed, it becomes possible to hide the intrusion as well as to maintain privileged ac ...

APT41
Double Dragon is a hacker group with alleged ties to the Chinese Ministry of State Security (MSS). Classified as an advanced persistent threat, the organization was named by the United States Department of Justice in September 2020 in relation to charges brought against five Chinese and two Malaysian nationals for allegedly compromising more than 100 companies around the world. In 2019, the cybersecurity company FireEye stated with high confidence that the group was sponsored by the Chinese Communist Party (CCP) while also conducting operations for financial gain. The name "Double Dragon" originates from the duality of their operation, as they engage in both espionage and individual financial gain. The tooling they use is typically that of state-sponsored intelligence operations. Investigations conducted by FireEye have found APT41 operations in multiple sectors, such as healthcare, telecommunications, and technology. The group conducts many of its financial activities in the video game industry, in ...

Microsoft Windows
Windows is a product line of proprietary graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sectors of the computing industry – Windows (unqualified) for a consumer or corporate workstation, Windows Server for a server and Windows IoT for an embedded system. Windows is sold either as a consumer retail product or licensed to third-party hardware manufacturers (OEMs) who sell products bundled with Windows. The first version of Windows, Windows 1.0, was released on November 20, 1985, as a graphical operating system shell for MS-DOS in response to the growing interest in graphical user interfaces (GUIs). The name "Windows" is a reference to the windowing system in GUIs. The 1990 release of Windows 3.0 catapulted its market success and led to various other product families ...

Kaspersky Lab
Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services. Kaspersky expanded abroad from 2005 to 2010 and grew to $704 million in annual revenues by 2020, up 8% from 2016, though annual revenues were down 8% in North America due to US government security concerns. The software has about 400 million users and has the largest market share among cybersecurity software vendors in Europe. Kaspersky Lab ranks fourth in the global ranking of antivirus vendors by revenue. It was the first Russian company to be included in the rating of the world's leading software companies, the Software Top 100 (79th on the list, as of June ...

User Account Control
User Account Control (UAC) is a mandatory access control enforcement feature introduced with Microsoft's Windows Vista and Windows Server 2008 operating systems, with a more relaxed version also present in , , ,
(Reference: "Windows 7 Feature Focus: User Account Control", an overview of UAC in Windows 7 by Paul Thurrott)

Firmware
In computing, firmware is software that provides low-level control of a computing device's hardware. For a relatively simple device, firmware may perform all control, monitoring and data manipulation functionality. For a more complex device, firmware may provide relatively low-level control as well as hardware abstraction services to higher-level software such as an operating system. Firmware is found in a wide range of computing devices including personal computers, smartphones, home appliances, vehicles, computer peripherals and in many of the integrated circuits inside each of these larger systems. Firmware is stored in non-volatile memory, either read-only memory (ROM) or progra ...

Flash Memory
Flash memory is an electronic non-volatile computer memory storage medium that can be electrically erased and reprogrammed. The two main types of flash memory, NOR flash and NAND flash, are named for the NOR and NAND logic gates. Both use the same cell design, consisting of floating-gate MOSFETs. They differ at the circuit level, depending on whether the state of the bit line or word lines is pulled high or low; in NAND flash, the relationship between the bit line and the word lines resembles a NAND gate; in NOR flash, it resembles a NOR gate. Flash memory, a type of floating-gate memory, was invented by Fujio Masuoka at Toshiba in 1980 and is based on EEPROM technology. Toshiba began marketing flash memory in 1987. EPROMs had to be erased completely before they could be rewritten. NAND flash memory, however, may be erased, written, and read in blocks (or pages), which generally are much smaller than the entire devi ...

Svchost
Svchost.exe (Service Host, or SvcHost) is a system process that can host one or more Windows services in the Windows NT family of operating systems. Svchost is essential in the implementation of ''shared service processes'', where a number of services can share a process in order to reduce resource consumption. Grouping multiple services into a single process conserves computing resources, and this consideration was of particular concern to NT designers because creating Windows processes takes more time and consumes more memory than in other operating systems, e.g. in the Unix family. However, if one of the services causes an unhandled exception, the entire process may crash. In addition, identifying component services can be more difficult for end users. Problems with various hosted services, particularly with Windows Update, get reported by users (and headlined by the press) as involving svchost. The svchost process was introduced in Windows 2000, although the underlying support ...

Hard Disk Drive
A hard disk drive (HDD), hard disk, hard drive, or fixed disk is an electro-mechanical data storage device that stores and retrieves digital data using magnetic storage with one or more rigid, rapidly rotating platters coated with magnetic material. The platters are paired with magnetic heads, usually arranged on a moving actuator arm, which read and write data to the platter surfaces. Data is accessed in a random-access manner, meaning that individual blocks of data can be stored and retrieved in any order. HDDs are a type of non-volatile storage, retaining stored data when powered off. Modern HDDs are typically in the form of a small rectangular box. Hard disk drives were introduced by IBM in 1956, and were the dominant secondary storage device for general-purpose computers beginning in the early 1960s. HDDs maintained this position into the modern er ...