AdvIntel & Eclypsium write:
TrickBot malware now has functionality designed to inspect the UEFI/BIOS firmware of targeted systems. This marks a significant step in the evolution of TrickBot. Firmware level threats carry unique strategic importance for attackers.
It is clear that TrickBot will benefit greatly from including a UEFI level bootkit in their kill chain. They would survive system re-imaging efforts during the recovery phase of a Ryuk or Conti ransomware event, and they would further their ability to semi-permanently brick a device. This provides criminal actors even more leverage during ransom negotiation, and the TrickBot group is already known for being hard-line negotiators.
Read more on AdvIntel.