/tech/ - Technology

Buffer overflow



Nir Lichtman - rogue state actor | Nir Bitchman | 07/17/2025 (Thu) 09:33 | No. 15676
These samples contain an undocumented UEFI firmware bootkit that is actively exploited in the wild.

https://www.virustotal.com/gui/file/1336a5d6c078bbf7552052f1e8719e3a97c955a3b0b71d52aeeb7f4755ccb0d8/

https://www.virustotal.com/gui/file/16e037d7b5f6a8e02b73671e1214b7979eb5d0ab0fc1106cf4c321f0ff53e13a/

I think this is how this bootkit works:
Modifies UEFI Firmware (likely inserts a SMM module in ME region) -> you boot -> SMM module somehow hooks into OS to load a driver, stealthily. Driver downloads known / foss RATs, and gives them visibility cover.

Those samples are falsely labelled as "lumma", it's possible the bootkit is fused with lumma, as lumma is one of the rats it deploys post-infection.

I think this bootkit is developed/smuggled out of an elite hacking unit, by "Nir Lichtman" who is very popular in "the com" where he hacks people for "ego" and "status" mainly.

Basically, Nir Lichtman seems to be a rogue state operator who abuses 0-days and toolkits to hack people over Discord / Telegram drama. As crazy as that sounds, yeah, this guy really has 0-days and firmware implants from some intel agency and is using them to win Discord / Telegram drama lol

Also seems to be affiliated somehow with the "hack.org" site.
