Russian state-sponsored hackers appear to be using malware that can persist on Windows PCs even after the OS has been reinstalled.
Security firm ESET discovered the powerful malware, dubbed Lojax, infecting a victim's computer and suspects the malicious code came from the hacking group known as Fancy Bear.
The attack targeted the computer's UEFI, which stands for Unified Extensible Firmware Interface, and is used to boot up the system. By re-writing the UEFI, the malware can persist inside the computer's flash memory, allowing it to survive operating system reinstalls and hard disk replacements.
Getting rid of the malware means going in and over-writing the flash storage's memory, "an operation not commonly done and certainly not by the typical user," ESET said in a blog post.
https://sea.pcmag.com/news/29623/russian-hackers-use-malware-that-can-survive-os-reinstalls