More about the MoonBounce implant, its targets and capabilities
MoonBounce UEFI implant
MoonBounce is a malicious implant hidden within Unified Extensible Firmware Interface (UEFI) firmware, an essential part of computers. The firmware is stored in SPI flash, a storage component external to the hard drive. Such implants are notoriously difficult to remove, and security products have only limited visibility into them. MoonBounce first appeared in the wild in the spring of 2021 and demonstrates a sophisticated attack flow, an evident advancement over previously reported UEFI firmware bootkits. The researchers attributed the campaign, with considerable confidence, to the well-known advanced persistent threat (APT) actor APT41.