At an online version of the Kaspersky Security Analyst Summit today, researchers Mark Lechtik and Igor Kuznetsov plan to present their findings about that mysterious malware sample, which they detected on the PCs of two of Kaspersky's customers earlier this year. The malware is particularly unusual, and disturbing, because it's designed to alter a target computer's Unified Extensible Firmware Interface, the firmware that is used to load the computer's operating system.
That MosaicRegressor payload came in the form of a downloader capable of installing new modular components of the malware from a remote server, and the Kaspersky researchers say they weren't able to obtain most of those components. But they did see signs in some cases that the hackers had carried out the typical espionage tactic of collecting and compressing files to ferret back to a server they controlled.
But the researchers note multiple language hints in the hackers' code: one that indicates they wrote in either Korean or Chinese, and another that suggests more clearly they wrote in the simplified Chinese used in mainland China. Kaspersky also observed that the hackers appear to have used a document-builder tool called Royal Road that's popular among Chinese-speaking hackers.
Five of those hackers were indicted earlier this month and accused of working on behalf of China's Ministry of State Security.