Newly discovered bootkit threat used to backdoor Windows systems since 2012
Posted by: GuidePoint Security
Published 10/14/21, 9:00am
Industry researchers announced last week the discovery of a Unified Extensible Firmware Interface (UEFI) bootkit in active use since 2012 to backdoor Windows systems.
Bootkit malware operates by loading itself before anything else on the system, including the operating system and its security software, which is how it avoids detection. Bootkits are traditionally used by threat actors to gain persistence and keep control of an operating system's boot process.
Called ESPecter by the industry researchers that discovered it, the threat includes keylogging and document-stealing functionalities, suggesting it is primarily used for espionage, possibly by a Chinese-speaking threat actor.
Indicators of compromise for the ESPecter threat are published on the researchers' GitHub site.
Next Steps
To maintain security against threats like the ESPecter bootkit, organizations are reminded to run the latest firmware version, ensure systems are properly configured with Secure Boot enabled, and apply appropriate privileged account management.
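One way to audit a single Windows host against the first two recommendations, and to check the signature of the Windows Boot Manager on the EFI System Partition that UEFI bootkits live on, as an added example that is not part of the GuidePoint post. It must run from an elevated PowerShell session; the drive letter S: used to mount the ESP and the path to bootmgfw.efi are assumptions.

```powershell
# Added example (not from the GuidePoint post): audit a Windows host against the
# post's recommendations. Run from an elevated PowerShell session.
function Get-BootIntegrityReport {
    $report = [ordered]@{}

    # 1. Secure Boot state. Confirm-SecureBootUEFI throws on legacy-BIOS or
    #    otherwise unsupported platforms, so treat an exception as "not applicable".
    try {
        $report.SecureBootEnabled = [bool](Confirm-SecureBootUEFI)
    } catch {
        $report.SecureBootEnabled = 'Not supported (legacy BIOS or unsupported platform)'
    }

    # 2. Firmware version and release date, to compare against the vendor's latest.
    $bios = Get-CimInstance -ClassName Win32_BIOS
    $report.FirmwareVendor  = $bios.Manufacturer
    $report.FirmwareVersion = $bios.SMBIOSBIOSVersion
    $report.FirmwareDate    = $bios.ReleaseDate

    # 3. Authenticode signature and hash of the Windows Boot Manager on the EFI
    #    System Partition. The ESP has no drive letter by default; mount it on an
    #    unused letter (assumed free here: S:) and dismount it afterwards.
    $espLetter = 'S:'
    $bootMgr   = Join-Path $espLetter 'EFI\Microsoft\Boot\bootmgfw.efi'
    mountvol $espLetter /S | Out-Null
    try {
        if (Test-Path $bootMgr) {
            $sig = Get-AuthenticodeSignature -FilePath $bootMgr
            $report.BootManagerSignature = $sig.Status          # anything but 'Valid' needs a look
            $report.BootManagerSigner    = $sig.SignerCertificate.Subject
            $report.BootManagerSHA256    = (Get-FileHash -Algorithm SHA256 -Path $bootMgr).Hash
        } else {
            $report.BootManagerSignature = "Not found at $bootMgr"
        }
    } finally {
        mountvol $espLetter /D | Out-Null
    }

    [pscustomobject]$report
}

Get-BootIntegrityReport | Format-List
```

Collect the SHA256 from a known-good host of the same Windows build so drift across the fleet stands out, and treat a signature status other than Valid as an incident rather than a configuration nit.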