Chinese hacker group spotted using a UEFI bootkit in the wild


Image: Soviet Artefacts, ZDNet

A Chinese-speaking hacking group has been observed using a UEFI bootkit to download and install additional malware on targeted computers.

UEFI firmware is a crucial component of every computer. It lives in a flash memory chip bolted to the motherboard, controls all of the computer's hardware components, and boots the actual user-facing OS (such as Windows, Linux, or macOS).

Attacks on UEFI firmware are the Holy Grail of every hacker group, as planting malicious code here allows it to survive OS reinstalls.

Nonetheless, despite these benefits, UEFI firmware attacks are rare because tampering with this component is particularly hard: attackers either need physical access to the device, or they need to compromise targets through complex supply chain attacks in which the UEFI firmware, or the tools that work with it, are modified to insert malicious code.

