MoonBounce

  • First known sample

    2019
  • Discovery

    2022
  • Number of targets

    Unknown
  • Current status

    Considered active
  • Type

    Firmware rootkit
  • Targeted platforms

    Windows
  • TOP targeted countries

    Russia
  • Connected attacks

  • The way of propagation

    Firmware infection
  • Purpose/Functions

    Install additional malicious payload
  • Targets

    Transport tech
  • Implant

    MoonBounce UEFI implant

  • Description

    MoonBounce is a malicious implant hidden in Unified Extensible Firmware Interface (UEFI) firmware, the code that initializes a computer before the operating system loads. It resides in the SPI flash chip on the motherboard, a storage component separate from the hard drive, so it survives disk replacement and operating system reinstallation. Such implants are notoriously difficult to remove and are largely invisible to security products. First seen in the wild in the spring of 2021, MoonBounce shows a sophisticated attack flow that is clearly more advanced than previously reported UEFI firmware bootkits. The researchers attributed the campaign with considerable confidence to the well-known advanced persistent threat (APT) actor APT41.

    MoonBounce: the dark side of UEFI firmware
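    Because the implant lives in the SPI flash, where endpoint security products rarely look, the practical check is an integrity comparison of the firmware image itself. The script below is an added example written for this page; it is not Kaspersky's tooling and not code from the MoonBounce report. It locates UEFI firmware volumes by their `_FVH` signature using the standard EFI_FIRMWARE_VOLUME_HEADER layout, validates the header checksum, hashes each volume, and reports volumes that differ between a known-good vendor image and a dump taken from the machine. The sample images are constructed inside the script so it runs offline; on a real system the dump would come from a tool such as chipsec or flashrom, which are assumed here but not invoked.

```python
"""Per-volume integrity diff of two UEFI SPI flash images (added example, not part of the original page)."""
import hashlib
import struct

FV_SIGNATURE = b"_FVH"
FV_SIG_OFFSET = 40  # offset of Signature within EFI_FIRMWARE_VOLUME_HEADER
# ZeroVector, FileSystemGuid, FvLength, Signature, Attributes, HeaderLength, Checksum,
# ExtHeaderOffset, Reserved, Revision -> 56 bytes, followed by the block map
FV_HEADER_STRUCT = struct.Struct("<16s16sQ4sIHHHBB")


def _header_checksum_ok(header: bytes) -> bool:
    """The Checksum field is chosen so that the 16-bit word sum of the whole header is zero."""
    if len(header) % 2:
        return False
    total = sum(struct.unpack(f"<{len(header) // 2}H", header))
    return total & 0xFFFF == 0


def find_volumes(image: bytes) -> list:
    """Return [(offset, length), ...] for every firmware volume whose header validates."""
    volumes = []
    pos = image.find(FV_SIGNATURE)
    while pos != -1:
        start = pos - FV_SIG_OFFSET
        if start >= 0 and start + FV_HEADER_STRUCT.size <= len(image):
            (_zero, _guid, fv_len, sig, _attr, hdr_len, _csum,
             _ext, _res, _rev) = FV_HEADER_STRUCT.unpack_from(image, start)
            if (sig == FV_SIGNATURE and hdr_len >= FV_HEADER_STRUCT.size
                    and 0 < fv_len <= len(image) - start
                    and _header_checksum_ok(image[start:start + hdr_len])):
                volumes.append((start, fv_len))
                pos = image.find(FV_SIGNATURE, start + fv_len)  # skip past this volume
                continue
        pos = image.find(FV_SIGNATURE, pos + 1)  # stray signature bytes, keep scanning
    return volumes


def volume_hashes(image: bytes) -> dict:
    """SHA-256 of every validated volume, keyed by its offset in the image."""
    return {off: hashlib.sha256(image[off:off + ln]).hexdigest() for off, ln in find_volumes(image)}


def diff_images(baseline: bytes, suspect: bytes) -> dict:
    """Compare a known-good image with a dump: {offset: 'modified' | 'missing' | 'added'}."""
    base, susp = volume_hashes(baseline), volume_hashes(suspect)
    report = {}
    for off in sorted(set(base) | set(susp)):
        if off not in susp:
            report[off] = "missing"  # also what a corrupted header looks like
        elif off not in base:
            report[off] = "added"
        elif base[off] != susp[off]:
            report[off] = "modified"
    return report


def build_volume(payload: bytes, guid: bytes = b"\x00" * 16) -> bytes:
    """Constructed test data: a minimal volume with one block-map entry and a valid checksum."""
    block_map_len = 16  # one (NumBlocks, Length) entry plus the zero terminator
    hdr_len = FV_HEADER_STRUCT.size + block_map_len
    fv_len = hdr_len + len(payload)
    block_map = struct.pack("<II", 1, fv_len) + struct.pack("<II", 0, 0)
    header = FV_HEADER_STRUCT.pack(b"\x00" * 16, guid, fv_len, FV_SIGNATURE,
                                   0x0004FEFF, hdr_len, 0, 0, 0, 2) + block_map
    total = sum(struct.unpack(f"<{hdr_len // 2}H", header)) & 0xFFFF
    header = header[:50] + struct.pack("<H", (-total) & 0xFFFF) + header[52:]
    return header + payload


def build_image(payloads) -> bytes:
    """Constructed test data: volumes separated by 0xFF padding, as erased flash reads."""
    return b"".join(build_volume(p) + b"\xff" * 64 for p in payloads)


def main() -> dict:
    good = build_image([b"CORE_DXE original " * 8, b"Other DXE drivers " * 8])
    second_off, _ = find_volumes(good)[1]
    dumped = bytearray(good)
    dumped[second_off + 100] ^= 0xFF  # simulate a patched driver body in the second volume
    report = diff_images(good, bytes(dumped))
    for off, status in report.items():
        print(f"volume at 0x{off:08x}: {status}")
    return report


if __name__ == "__main__":
    main()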