EVGA

Windows PCs from ASUS and Gigabyte are being impacted by the "CosmicStrand" UEFI Rootkit

Author
rjohnson11
EVGA Forum Moderator
2022/07/27 23:59:44 (permalink)
https://www.overclock3d.net/news/software/windows_pcs_from_asus_and_gigabyte_are_being_impacted_by_the_cosmicstrand_uefi_rootkit/1
 
Kaspersky uncovers the "CosmicStrand" UEFI malware, and it can stay with you after Windows re-installs
Researchers at Kaspersky have uncovered a new rootkit called "CosmicStrand" that has found its way onto Windows PCs in China, Iran, Vietnam, and Russia. The rootkit has been classified as an "advanced persistent threat" (APT) due to its ability to re-install itself onto systems after a fresh Windows install, thanks to its ability to install itself on your motherboard's UEFI. This new malware is a new variant of "Spy Dragon Trojan", which first infected systems back in 2016/2017. So far, Kaspersky has only found that Windows PCs are affected by this new malware, and that the rootkit has been found on systems made by ASUS and Gigabyte. The only way to clean a system that's infected by this malware is to re-install your motherboard's UEFI. No number of new Windows installs will remove this malware from your system, as fresh Windows installs would simply become re-infected.
 
Currently, Kaspersky has been unable to identify the source of this new rootkit, or how the rootkit made its way onto infected systems in the first place. Kaspersky recommends that businesses regularly update the firmware of their systems and to only use firmware from trusted vendors to prevent their systems from being affected by this threat. That said, the rootkit has reportedly only affected private individuals in affected nations, not companies or organisations.
 
Below is a comment from Kaspersky's Ivan Kwiatkowski, a senior security researcher.
    Despite being recently discovered, the CosmicStrand UEFI firmware rootkit seems to have been being deployed for quite a long time. This indicates that some threat actors have had very advanced capabilities that they’ve managed to keep under the radar. We are left to wonder what new tools they have created in the meantime that we have yet to discover.
 
Right now, CosmicStrand has only been found on systems in China, Vietnam, Iran, and Russia, which means that CosmicStrand has not made it onto western systems.
 
I personally believe that the BIOS firmware in the affected systems was downloaded from unauthorized sites, but that is just a guess. 
 

#1


    yaymz
    SSC Member
    Re: Windows PCs from ASUS and Gigabyte are being impacted by the "CosmicStrand" UEFI Rootk 2022/07/28 15:05:41 (permalink)
    Sounds like it *could* be state sponsored malware, but we'll just have to wait to see.

    #2
    the_Scarlet_one
    formerly Scarlet-tech
    Re: Windows PCs from ASUS and Gigabyte are being impacted by the "CosmicStrand" UEFI Rootk 2022/07/28 17:00:45 (permalink)
    https://forums.evga.com/m/tm.aspx?m=3567109#/m/tm.aspx?m=3566717&fp=3
    #3