Persist, Brick, Profit - TrickBot Offers New “TrickBoot” UEFI-Focused Functionality

AdvIntel & Eclypsium write:

  • TrickBot malware now has functionality designed to inspect the UEFI/BIOS firmware of targeted systems. This marks a significant step in the evolution of TrickBot. Firmware level threats carry unique strategic importance for attackers.

  • It is clear that TrickBot will benefit greatly from including a UEFI level bootkit in their kill chain. They would survive system re-imaging efforts during the recovery phase of a Ryuk or Conti ransomware event, and they would further their ability to semi-permanently brick a device. This provides criminal actors even more leverage during ransom negotiation, and the TrickBot group is already known for being hard-line negotiators.

Read more on AdvIntel.

About the author: Dissent
