
First UEFI bootkit malware for Linux discovered

Nov. 28, 2024, 8:32 a.m.

Description

Researchers at ESET have identified Bootkitty, the first UEFI bootkit known to target Linux. It is a proof of concept rather than a tool seen in attacks: it only works against a handful of Ubuntu releases and specific kernel and GRUB layouts, and it is signed with a self-signed certificate, so on a machine that enforces UEFI Secure Boot it cannot load unless the attacker has already enrolled that certificate in the firmware. Where it does run, it hooks UEFI authentication protocol functions to bypass the Secure Boot integrity checks, patches GRUB and the kernel's decompression routine in memory so that kernel module signature verification is disabled, and rewrites the environment handed to the init process so that two ELF payloads are loaded into user space via LD_PRELOAD at every boot. Bootkits of this kind survive reinstallation of the operating system because they live in the EFI system partition rather than on the root filesystem, which is what makes them hard to remove. Although no real-world infections have been observed, the finding shows that the bootkit threat previously limited to Windows now has a working Linux counterpart, and that enterprises adopting Linux should treat Secure Boot enforcement, boot-chain integrity and firmware-level visibility as part of their baseline.
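The behaviours described above translate into three quick checks on a Linux host: whether Secure Boot is actually enforced (a self-signed bootkit cannot load when it is and its certificate is not enrolled), whether anything is being preloaded into every process through /etc/ld.so.preload, and whether the kernel reports that out-of-tree or unsigned modules have been loaded despite signature enforcement. The script below is an added example written for this page, not code from the original report or from the researchers who analysed Bootkitty. It assumes the standard Linux locations /sys/firmware/efi/efivars, /etc/ld.so.preload and /proc/sys/kernel/tainted; the sample inputs it builds for `--demo`, including the library path /usr/lib/libinjected.so, are constructed for illustration and are not real indicators.

```shell
#!/bin/sh
# Bootkit triage helper (added example, not part of the original report).
# Every check is a function that takes its input as a path or value, so the
# logic can be exercised on constructed data; "--live" runs it on this host.

# secure_boot_state DIR: DIR is an efivarfs mount (normally /sys/firmware/efi/efivars).
# The SecureBoot variable file holds 4 attribute bytes followed by one data byte,
# 1 when Secure Boot is enforced and 0 when it is off.
secure_boot_state() {
    f=""
    for cand in "$1"/SecureBoot-*; do
        if [ -e "$cand" ]; then f=$cand; break; fi
    done
    if [ -z "$f" ]; then
        echo "unknown"   # no efivars: legacy BIOS boot or efivarfs not mounted
        return 0
    fi
    v=$(od -An -tu1 -j4 -N1 "$f" | tr -d ' ')
    case "$v" in
        1) echo "enabled" ;;
        0) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# preload_entries FILE: prints the non-comment, non-empty lines of an ld.so.preload
# file (normally /etc/ld.so.preload). Anything listed is mapped into every
# dynamically linked process, the same effect as the LD_PRELOAD injection above.
preload_entries() {
    [ -r "$1" ] || return 0
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e '/^$/d' "$1"
}

# taint_findings VALUE: decodes the bits of /proc/sys/kernel/tainted that matter here.
# Bit 12 (4096) = out-of-tree module loaded (O), bit 13 (8192) = unsigned module
# loaded (E). An unsigned module on a kernel built with signature enforcement means
# the check was disabled or patched, which is exactly what Bootkitty does in memory.
taint_findings() {
    t=$1
    out=""
    if [ $(( t & 4096 )) -ne 0 ]; then out="${out}out-of-tree-module "; fi
    if [ $(( t & 8192 )) -ne 0 ]; then out="${out}unsigned-module "; fi
    echo "${out% }"
}

# triage_verdict SB_STATE PRELOAD_COUNT TAINT_FINDINGS: "ok" only when Secure Boot
# is enforced, nothing is preloaded and no taint finding exists; otherwise "review".
triage_verdict() {
    if [ "$1" = "enabled" ] && [ "$2" -eq 0 ] && [ -z "$3" ]; then
        echo ok
    else
        echo review
    fi
}

# run_checks EFIVARS_DIR PRELOAD_FILE TAINT_VALUE: prints a short report.
run_checks() {
    sb=$(secure_boot_state "$1")
    n=$(preload_entries "$2" | wc -l | tr -d ' ')
    tf=$(taint_findings "$3")
    echo "secure boot:   $sb"
    echo "ld.so.preload: $n entries"
    preload_entries "$2" | sed 's/^/    /'
    echo "kernel taint:  ${tf:-none}"
    echo "verdict:       $(triage_verdict "$sb" "$n" "$tf")"
}

# make_sample DIR: writes constructed sample inputs under DIR (not real artefacts):
# an efivars directory whose SecureBoot variable reads 0 (attributes 0x06, data 0x00)
# and an ld.so.preload naming one hypothetical injected library.
make_sample() {
    mkdir -p "$1/efivars"
    printf '\006\000\000\000\000' > "$1/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
    printf '# constructed sample, not a real indicator\n/usr/lib/libinjected.so\n' > "$1/ld.so.preload"
}

case "${1:-}" in
    --live) run_checks /sys/firmware/efi/efivars /etc/ld.so.preload "$(cat /proc/sys/kernel/tainted)" ;;
    --demo) d=$(mktemp -d); make_sample "$d"
            run_checks "$d/efivars" "$d/ld.so.preload" 12288   # 12288 = bits 12 and 13 set
            rm -rf "$d" ;;
esac
```

`sh triage.sh --demo` shows the constructed worst case (Secure Boot off, one preloaded library, unsigned and out-of-tree modules) and ends with `verdict: review`; `--live` runs the same checks against the host. A "review" verdict is a prompt to look further (compare the EFI system partition against a known-good image, list loaded modules with `lsmod`, and inspect the preloaded files), not proof of a bootkit; a machine with Secure Boot disabled for legitimate reasons will also land there.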

Date

Published: Nov. 27, 2024, 8:53 p.m.

Created: Nov. 27, 2024, 8:53 p.m.

Modified: Nov. 28, 2024, 8:32 a.m.

Attack Patterns

Associated malware: BCDropper (unsigned kernel module found alongside the bootkit), BCObserver (ELF binary deployed by BCDropper), Bootkitty

MITRE ATT&CK techniques:

T1542.002 Pre-OS Boot: Component Firmware

T1542.003 Pre-OS Boot: Bootkit

T1574.006 Hijack Execution Flow: Dynamic Linker Hijacking

T1564.001 Hide Artifacts: Hidden Files and Directories

T1547.001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

T1014 Rootkit

T1070.004 Indicator Removal: File Deletion

T1562.001 Impair Defenses: Disable or Modify Tools