An older malware sample known as VectorEDK, publicly revealed five years ago as part of the Italian “Hacking Team” leaks, has been repurposed and is now being used by Advanced Persistent Threat (APT) actors targeting government employees in foreign diplomatic roles. In a story originally reported by Wired, Kaspersky has discovered a malware family that uses the Unified Extensible Firmware Interface (UEFI) to install malware into the victim’s motherboard firmware. Once persistence is achieved through UEFI, a more conventional malware payload, nicknamed MosaicRegressor, is loaded. Because the implant lives in firmware rather than on disk, even if the victim completely replaces the hard drive and reinstalls the operating system, the UEFI component will redeploy MosaicRegressor onto the new disk.
By Anthony Zampino

Introduction

Leading up to the most recent Russian invasion of Ukraine in