Kaspersky Lab experts tracking the activity of the ####winnti group have discovered an active threat based on a 2006 #bootkit installer. The threat, which they name HDRoot after the original tool’s name HDD Rootkit, is a universal #platform for a sustainable and persistent appearance in a targeted system, which can be used as a foothold for any arbitrary tool.
The Winnti criminal organization is known for industrial #cyber-espionage campaigns targeting software companies, especially those in the gaming industry. Recently it has also been observed to be targeting pharmaceutical businesses.
