A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41).
Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the “most advanced UEFI firmware implant discovered in the wild to date,” adding “the purpose of the
lecrab