Russia’s GRU has secretly developed and deployed new malware that’s virtually impossible to eradicate, capable of surviving a complete wipe of a target computer’s hard drive, and allows the Kremlin’s hackers to return again and again.
The malware, uncovered by the European security company ESET, works by rewriting the code flashed into a computer’s UEFI chip, a small slab of silicon on the motherboard that controls the boot and reboot process. Its apparent purpose is to maintain access to a high-value target in the event the operating system gets reinstalled or the hard drive replaced—changes that would normally kick out an intruder.
It’s proof that the hackers known as Fancy Bear “may be even more dangerous than previously thought,” company researchers wrote in a blog post. They’re set to present a paper on the malware at the Blue Hat security conference Thursday.
U.S. intelligence agencies have identified Fancy Bear as two units within Russia’s military intelligence directorate, the GRU, and last July Robert Mueller indicted 12 GRU officers for Fancy Bear’s U.S. election interference hacking.
