
"A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot on unrevoked Windows systems, making it the fourth publicly known bootkit capable of punching through the feature and hijacking a PC before the operating system loads. ESET researchers discovered the ransomware-bootkit combo after samples were uploaded to VirusTotal in February, and named it HybridPetya because of its similarities to the infamous Petya and NotPetya malware strains."
"The silver lining: the code seems to be just a proof-of-concept (PoC) at this point, and the threat hunters say they've seen no indications of its use in the wild. Also, it doesn't show the same aggressive network propagation as NotPetya. Still, HybridPetya provides yet another example that Secure Boot bypasses, which were still considered an infosec urban legend until a few years ago, do exist. And both ethical hackers and attackers alike are eager to develop new variants."
HybridPetya exploits a patched UEFI vulnerability to bypass Secure Boot on Windows systems that have not yet received the corresponding revocation, making it the fourth publicly known bootkit able to take control of a PC before the operating system loads. ESET researchers discovered the ransomware-bootkit after samples were uploaded to VirusTotal and named it for its similarities to Petya and NotPetya. The code appears to be a proof-of-concept: there are no indications of use in the wild, and it lacks NotPetya's aggressive network propagation. Like its predecessors, HybridPetya overwrites disks. It abuses CVE-2024-7344 (the affected component has since been revoked by Microsoft through the UEFI dbx, so machines with an up-to-date dbx are not exposed to this particular bypass) and installs a malicious EFI application on the EFI System Partition, which is what lets it run ahead of the OS loader.
Read at The Register