#Bootkit

2026-01-11

📢 LoJax: further analysis of the UEFI bootkit and its persistence chain
📝 Source: Malware Analysis Space (blog by Seeker/@clibm079, China), published 2 January 2026.
📖 cyberveille: cyberveille.ch/posts/2026-01-1
🌐 source: malwareanalysisspace.blogspot.
#Bootkit #IOC #Cyberveille

2025-09-13

Morning, cyber pros! It's been a bit quiet over the last 24 hours, but we've still got some critical updates on active threat actor campaigns targeting Salesforce and a new, noteworthy ransomware bootkit that bypasses Secure Boot. Let's dive in:

Cybercriminal Groups Target Salesforce Platforms ⚠️

- The FBI has issued a flash alert regarding two cybercriminal groups, UNC6040 and UNC6395, actively targeting organisations' Salesforce platforms for data theft and extortion.
- UNC6395 exploited compromised OAuth tokens for the Salesloft Drift application, stemming from a breach of Salesloft's GitHub account, leading to the app being taken offline.
- UNC6040, active since October 2024, uses sophisticated vishing campaigns to gain initial access, then leverages modified Salesforce Data Loader and custom Python scripts to exfiltrate large volumes of data.

📰 The Hacker News | thehackernews.com/2025/09/fbi-

HybridPetya Ransomware Bootkit Bypasses Secure Boot 🛡️

- ESET researchers have discovered HybridPetya, a new ransomware strain that functions as a bootkit, capable of bypassing UEFI Secure Boot on unrevoked Windows systems.
- This malware exploits the patched vulnerability CVE-2024-7344, which Microsoft has since revoked in dbx, and shares similarities with the infamous Petya and NotPetya strains, including a fake CHKDSK message during encryption.
- While currently a proof-of-concept with no observed in-the-wild use, HybridPetya is significant as the fourth publicly known bootkit to bypass Secure Boot, highlighting the ongoing evolution of firmware-level threats.

🕵🏼 The Register | go.theregister.com/feed/www.th

#CyberSecurity #ThreatIntelligence #Ransomware #Bootkit #SecureBoot #UEFI #Salesforce #DataTheft #Extortion #Vishing #Cybercrime #InfoSec #FBI #ThreatActors

2025-09-12

A copycat of Petya/NotPetya malware, adding the capability of compromising UEFI-based systems and weaponizing a vuln to bypass UEFI Secure Boot on outdated systems. #microsoft #malware #windows #systems #bootkit #vuln [ welivesecurity.com/en/eset-res ] #informatique

☣️ HybridPetya is now at least the fourth (4th) publicly known example of a real or PoC UEFI bootkit with UEFI Secure Boot bypass functionality.

kriware :verified:kriware@infosec.exchange
2025-09-12

Bootkitting Windows Sandbox

Explains how attackers can target Windows Sandbox through bootkits, bypassing isolation and achieving persistence.

secret.club/2022/08/29/bootkit

#Windows #Bootkit

Chema Alonso :verified:chemaalonso@ioc.exchange
2025-06-19

El lado del mal - Making an "infector" for the Master Boot Record (MBR) of a PC using Windows with ChatGPT & DeepSeek elladodelmal.com/2025/06/hacer #MBR #Malware #DeepSeek #ChatGPT #IA #AI #Windows #Ransomware #Bootkit

2025-06-10

Secure Boot just got a wake-up call—hackers are now exploiting a new flaw to slip bootkit malware past our digital bouncer. Ever wonder how secure your system really is?

thedefendopsdiaries.com/naviga

#secureboot
#cybersecurity
#vulnerabilities
#bootkit
#infosec

2025-02-10

New Microsoft Script updates Windows Media with Bootkit Malware Fixes.

Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new "Windows UEFI CA 2023" certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year.

download.microsoft.com/downloa

#windows #media #update #bootkit #it #security #privacy #engineer #tech #news

[ImageSource: Microsoft]

Script to apply CVE-2023-24932 mitigations to bootable Windows media.

The PowerShell script can be downloaded from Microsoft and can be used to update bootable media files for ISO CD/DVD image files, a USB flash drive, a local drive path or a network drive path.

To utilize the utility, you must first download and install the Windows ADK, which is necessary for this script to work correctly. When run, the script will update the media files to use the Windows UEFI CA 2023 certificate and install the boot managers signed by this certificate.

<https://learn.microsoft.com/windows-hardware/get-started/adk-install#winADK>

It is strongly advised that Windows admins test this process before the enforcement stage of the security updates is reached. Microsoft says this will happen by the end of 2026 and will give a six-month notice before it begins.

2025-01-20

Very interesting podcast on Bootkitty!

It sums up the events around the discovery of the first UEFI bootkit for Linux very well and vividly. I learned a lot from the podcast.

Many thanks to @syt and @christopherkunz for this great episode of Passwort.

#linux #security #bootkit #bootkitty

passwort.podigee.io/23-bootkit

kriware :verified:kriware@infosec.exchange
2025-01-10

Analyzing the Evolution of VBS Rootkits

This blog explains what bootkits are and how the one we wrote works.

nsg650.github.io/blogs/29-12-2

#bootkit #rootkit

Scripter :verified_flashing:scripter@social.tchncs.de
2024-12-08

Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels
thehackernews.com/2024/11/rese #Cybercrime #Linux #UefiBootkit #Bootkit #Bootkitty

2024-12-03

"The recently uncovered 'Bootkitty' #Linux UEFI #bootkit exploits the #LogoFAIL flaw, tracked as CVE-2023-40238, to target computers running on vulnerable firmware."
#malware #UEFIrootkit #Bootkitty #CyberSecurity
bleepingcomputer.com/news/secu

DansLeRuSH ᴱᶰdanslerush@floss.social
2024-12-03

#Bootkitty : Analyzing the first #UEFI bootkit for #Linux

« ESET researchers analyze the first UEFI bootkit designed for Linux systems » by Martin Smolár and Peter Strýček

welivesecurity.com/en/eset-res

#InfoSec #bootkit #SecureBoot

2024-12-02

Security Week 2449: a "training" bootkit for Linux

Last week ESET reported the discovery of a bootkit whose ultimate goal is to attack Linux-based systems. The job of any bootkit is to execute malicious code before the system kernel loads. In theory this gives broad control over the attacked computer and makes the malware harder to detect. Persisting the bootkit in UEFI firmware also lets it survive a full reinstallation of the OS or a replacement of the hard drive. In practice such an attack is quite hard to pull off: only three examples of real bootkits that persist in UEFI are known. Of these, only the most recent, known as BlackLotus, is able to bypass Secure Boot, which is intended precisely to block execution of "unauthorised" code at the initial stage of boot. As one would expect, all real bootkits target Windows. That is exactly why a Linux bootkit could be of particular interest. However, in this case, as later became clear, this is not real malware: it was a training Proof of Concept developed by Korean students as part of a cybersecurity education programme in South Korea.

habr.com/ru/companies/kaspersk

#bootkit #bootkitty

2024-11-30

It’s only a real linux bootkit if it comes under an open-source license.

BTW it’s actually GNU/Bootkitty.

#rootkit #bootkit #bootkitty #shitpost #fuckthoseguys
