Cyberespionage group TA402, known for targeting government entities in the Middle East and North Africa, has altered its infection chain tactics three times recently, despite no observed change in its targeting. Its recent campaigns use spear-phishing emails sent from compromised email accounts of legitimate entities, delivering a custom malware implant, IronWind. The group's activities overlap with those attributed to Molerats, Gaza Cybergang, Frankenstein, and WIRTE, suggesting these could all be aliases.
Found in the wild: The world’s first unkillable UEFI bootkit for Linux
Security firm ESET has found the first known example of a Linux UEFI bootkit, a type of malware that infects the Unified Extensible Firmware Interface.