{"id":4351,"date":"2015-07-20T00:56:39","date_gmt":"2015-07-20T03:56:39","guid":{"rendered":"https:\/\/www.kwell.net\/kwell_blog\/?p=4351"},"modified":"2015-07-17T18:57:58","modified_gmt":"2015-07-17T21:57:58","slug":"hacking-team-utilizaba-rootkit-de-bios-uefi","status":"publish","type":"post","link":"https:\/\/www.kwell.net\/kwell_blog\/?p=4351","title":{"rendered":"Hacking Team Used a UEFI BIOS Rootkit"},"content":{"rendered":"<p>Last week someone <a href=\"http:\/\/blog.segu-info.com.ar\/2015\/07\/la-empresa-hacking-team-hackeada-400gb.html\" target=\"_blank\" rel=\"nofollow\"><span style=\"color: #03b2dc;\">hacked Hacking Team<\/span><\/a>, a cyberweapons maker in Italy, and leaked a massive 400GB of internal data, including:<\/p>\n<ul>\n<li>Email messages<\/li>\n<li>Hacking and remote control (RCS) tools &#8211; Galileo<\/li>\n<li>0-day vulnerabilities<\/li>\n<li>Surveillance tools<\/li>\n<li>Spyware source code<\/li>\n<li>Spreadsheets with the list of government and country clients<\/li>\n<\/ul>\n<p><!--more--><\/p>\n<p>Now, <a href=\"http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/hacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9-agent-in-target-systems\/\" target=\"_blank\" rel=\"nofollow\"><span style=\"color: #03b2dc;\">Trend Micro researchers have found<\/span><\/a> that Hacking Team <i>&#8220;uses a UEFI (Unified Extensible Firmware Interface) BIOS rootkit to keep its Remote Control System (RCS) agent installed on its targets' systems&#8221;<\/i>. 
According to the researchers, the <i>rootkit<\/i> can only attack UEFI BIOS systems from Insyde and AMI, which are used by most <i>laptop<\/i> and computer manufacturers.<\/p>\n<p><center><img decoding=\"async\" loading=\"lazy\" title=\"hacking-team-uefi-bios-rootkit\" src=\"https:\/\/i0.wp.com\/4.bp.blogspot.com\/-4k6_E5DkYkU\/VaTs9I_yyiI\/AAAAAAAAjik\/LvA_xij1M6g\/s1200\/hacking-team-uefi-bios-rootkit.jpg?resize=580%2C331\" alt=\"\" width=\"580\" height=\"331\" border=\"0\" data-recalc-dims=\"1\" \/><\/center>This means that even if the user reinstalls the operating system, formats the disk, or even buys a new disk, the agents will remain active when the system boots.<\/p>\n<p>However, at this time the researchers are not sure whether the malware can complete the rootkit installation without physical access to the machine. The <i>rootkit<\/i> analysis carried out by the Trend Micro researchers was only possible because the spyware's source code was leaked last week. 
So far, <a href=\"http:\/\/blog.segu-info.com.ar\/2015\/07\/vulnerabilidad-0-day-en-flash-player.html\" target=\"_blank\" rel=\"nofollow\"><span style=\"color: #03b2dc;\">two 0-day vulnerabilities<\/span><\/a> <a href=\"http:\/\/blog.segu-info.com.ar\/2015\/07\/segundo-exploit-0-day-de-flash-de-nuevo.html\" target=\"_blank\"><span style=\"color: #03b2dc;\">in Adobe Flash Player<\/span><\/a> and one Android 0-day exploit have been discovered, and now this BIOS <i>rootkit<\/i> sheds more light on all of the team's activities.<\/p>\n<p>Source: <a href=\"http:\/\/thehackernews.com\/2015\/07\/hacking-uefi-bios-rootkit.html\" target=\"_blank\" rel=\"nofollow\"><span style=\"color: #03b2dc;\">The Hacker News<\/span><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last week someone hacked Hacking Team, a cyberweapons maker in Italy, and leaked a massive 400GB of internal data, including: Email messages Hacking and remote control (RCS) tools &#8211; Galileo 0-day vulnerabilities Surveillance tools Spyware source code Spreadsheets with the &hellip;<br \/><a href=\"https:\/\/www.kwell.net\/kwell_blog\/?p=4351\">Read more <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[1],"tags":[19],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.kwell.net\/kwell_blog\/index.php?rest_route=\/wp\/v2\/posts\/4351"}],"collection":[{"href":"https:\/\/www.kwell.net\/kwell_blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kwell.net\/kwell_blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kwell.net\/kwell_blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kwell.net\/kwell_blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4351"}],"version-history":[{"count":1,"href":"https:\/\/www.kwell.net\/kwell_blog\/index.php?rest_route=\/wp\/v2\/posts\/4351\/revisions"}],"predecessor-version":[{"id":4352,"href":"https:\/\/www.kwell.net\/kwell_blog\/index.php?rest_route=\/wp\/v2\/posts\/4351\/revisions\/4352"}],"wp:attachment":[{"href":"https:\/\/www.kwell.net\/kwell_blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4351"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kwell.net\/kwell_blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4351"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kwell.net\/kwell_blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4351"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}