Researchers uncovered a stealthy UEFI rootkit that's being used in highly targeted campaigns by a notorious Chinese cyberespionage group with suspected government ties.
The group is known for using software supply-chain attacks in the past. Dubbed MoonBounce by researchers from Kaspersky Lab, the implant's goal is to inject a malicious driver into the Windows kernel during the booting stages, providing attackers with a high level of persistence and stealthiness.
While MoonBounce is not the first UEFI rootkit found in the wild -- LoJax, MosaicRegressor are two examples -- these types of implants are not common because they require knowledge of low-level firmware programming. They are typically found in the arsenal of well-resourced and sophisticated attacker groups.
What is an UEFI rootkit?
The Unified Extensible Firmware Interface (UEFI) is the modern replacement for the BIOS. In fact, the terms are still used interchangeably in many cases since most modern BIOSes follow the UEFI standard and specification.
The firmware is stored on a memory chip called the SPI flash that's soldered on the motherboard and contains the code necessary to initialise all the other hardware components and configure them before execution is passed to the bootloader code that starts the main operating system and its kernel.
The UEFI contains various drivers that are used to talk to the other chips on the motherboard as well as the CPU and other peripherals. Getting malicious code to execute into such an early initialisation phase of a device is extremely powerful because there is no antivirus or intrusion detection solution that runs at that level.
Also, the operating system's security features such as digital signature verification for drivers has not yet been initialised and can be disabled or bypassed.
UEFI rootkits essentially get a head start to and a privileged position over most other defences found on a typical computer. They can be hard to detect and can even prevent normal UEFI updates. Researchers have recently found a similar low-level implant that infects the baseband management controller (BMC) firmware of HPE servers and works on similar principles.
Boot-level rootkits are the reason why the PC industry has added firmware security features over the past 10 years. For example, UEFI has SecureBoot, which relies on public key cryptography to verify that all code loaded during the boot process -- from UEFI drivers and applications to the OS bootloader and the OS kernel -- have been digitally signed by a trusted party. Various regions of the UEFI memory need to remain read-only or non-executable.
However, while UEFI is a standard, PC manufacturers maintain their own implementations customised for their devices. This means the UEFI firmware of a computer from one vendor will be slightly different then the UEFI firmware from a computer from another manufacturer.
Vulnerabilities have been identified over the years in the UEFI firmware implementations of various vendors that could allow attackers to bypass UEFI security features. That's why it's also important to maintain the ability to easily deploy UEFI updates from inside the OS and to keep the firmware up to date.
How does MoonBounce work?
MoonBounce was found in an UEFI component called CORE_DXE, DXE standing for Core Execution Environment. This component initialises data structures and function interfaces that are then called by other DXE drivers. The attackers appended malicious shellcode top the CORE_DXE image and then made modifications to the code to hook certain legitimate function calls and divert their execution to their shellcode.
"Note that at the time of writing we lack sufficient evidence to retrace how the UEFI firmware was infected in the first place," the Kaspersky researchers said in their report.
"The infection itself, however, is assumed to have occurred remotely. While previous UEFI firmware compromises (i.e., LoJax and MosaicRegressor) manifested as additions of DXE drivers to the overall firmware image on the SPI flash, the current case exhibits a much more subtle and stealthy technique where an existing firmware component is modified to alter its behaviour."
This type of modification implies the attackers had access to the original firmware image. This can be achieved if attackers had remote access to the machine and administrative privileges to extract and flash the firmware.
Once executed, the malicious UEFI shellcode injects a malicious driver in the early execution stages of the Windows kernel and this driver then injects a user-mode malware program into the svchost.exe process once the operating system is up and running. The user mode piece of malware is a loader that reaches out to a hardcoded command-and-control server to download and execute additional payloads, which the researchers were not yet able to recover.
The Kaspersky researchers said they've identified MoonBounce on a single victim machine so far, so it's hard to say how widespread its use is. However, it's likely part of a highly targeted cyber espionage campaign.
The researchers found additional malware on other machines that were located on the same network, including one called ScrambleCross or SideWalk that has been documented in the past and attributed to a Chinese cyber espionage group known under various names including APT41, Barium or Winnti.
Who is APT41?
APT41 is believed to be a cyber espionage group that has ties to the Chinese government. It has been operating since at least 2012 and has targeted organisations across many sectors with the goal of intelligence collection.
However, the group is also known for launching financially motivated attacks against the online gaming industry which do not seem to match a state-related interest, so it could be acting as a contractor rather than a team within an intelligence agency.
In September 2020, the U.S. Department of Justice unsealed indictments against three Chinese and two Malaysian nationals in connection with APT41 attacks. Three of them were involved in the management of a company called Chengdu 404 Network Technology that was allegedly serving as a front company for the group's activities.
APT41 uses an arsenal of over 46 different malware families and tools as well as sophisticated techniques such as software supply-chain attacks. One example is the 2017 attack against CCleaner that resulted in poisoned copies of the popular utility being distributed to 2.2 million users. The group is also believed to be responsible for ShadowPad, a software supply-chain attack that resulted in the distribution of malicious versions of a commercial enterprise server management tool called Xmanager.
"As a safety measure against this attack and similar ones, it is recommended to update the UEFI firmware regularly and verify that BootGuard, where applicable, is enabled," the Kaspersky researchers said.
"Likewise, enabling Trust Platform Modules, in case a corresponding hardware is supported on the machine, is also advisable. On top of all, a security product that has visibility into the firmware images should add an extra layer of security, alerting the user on a potential compromise if such occurs."