New HybridPetya Weaponizing UEFI Vulnerability to Bypass Secure Boot on Outdated Systems

Unlike its predecessors, this new threat—dubbed HybridPetya by ESET analysts—exhibited capabilities that extended beyond conventional userland execution, directly targeting UEFI firmware on vulnerable systems.

Through a specially crafted cloak.dat archive and the exploitation of CVE-2024-7344, HybridPetya achieves a Secure Boot bypass on outdated platforms, allowing it to install a malicious EFI application into the EFI System Partition.

By embedding this persistence directly into the firmware layer, HybridPetya ensures the ransomware cannot be removed by standard OS-level remediation tools, elevating its resilience and framing it as a milestone in firmware-targeted threats.

To read the complete article see: CyberSecurity News

This post is licensed under CC BY 4.0 by the author.