# Firmware and Below-OS Attack Vectors
Analysis of firmware attacks, hardware implants, and below-the-OS persistence techniques.
Firmware attacks occupy a layer of the computing stack that most security programs ignore entirely. They target code that runs before any operating system loads, embedded in chips that manage hardware initialization, remote access, and device behavior at the most fundamental level. Because firmware executes with higher privilege than any OS kernel, and because it persists in non-volatile storage that survives disk wipes and OS reinstallation, a successful firmware compromise gives an attacker a foothold that standard incident response cannot remove. The expansion of internet-connected hardware, from cloud servers with remote management controllers to SOHO routers to industrial sensors, has multiplied the attack surface while firmware security practices have lagged years behind endpoint security maturity.
---
Firmware is the software stored in a device's non-volatile memory (ROM or, far more often today, rewritable flash) that initializes hardware components and provides runtime services to operating systems and applications. Below-OS attack vectors are exploitation techniques that target code or interfaces executing outside the operating system's control and at privilege equal to or greater than the kernel's: firmware stored in SPI flash chips, embedded controllers, management processors, and network device ROMs.
This category includes several distinct subtypes. UEFI and legacy BIOS firmware governs the system boot process on x86 platforms. Baseboard Management Controllers (BMCs) are independent microprocessors that provide out-of-band server management, running their own firmware stack entirely separate from the host OS. Network device firmware runs on routers, switches, firewalls, and access points. Option ROM firmware lives on peripheral cards including network adapters and storage controllers. Embedded controller firmware governs keyboards, power management, and fan control on laptops.
Firmware attacks are distinct from kernel rootkits, which operate within OS address space and can be removed by reinstalling the OS. They are distinct from hypervisor attacks, which target virtualization layers above hardware. They are also distinct from hardware implants, which involve physical modification of silicon or circuit boards, though the outcomes of firmware attacks can resemble hardware implant behavior.
What firmware attacks are not: they are not simply exploiting a service running on an operating system, and they are not memory corruption vulnerabilities in application software. The defining characteristic is persistence that survives any software-only remediation, including complete OS reinstallation, disk replacement, and even some factory reset procedures.
---
UEFI firmware resides in SPI flash memory soldered to the motherboard. On most consumer and enterprise systems, this flash memory can be written by privileged software at runtime if platform protections are misconfigured or bypassed. An attacker who achieves OS-level administrative access, or who exploits a UEFI driver vulnerability, can overwrite portions of the firmware image to implant a persistent rootkit.
The attack sequence for a UEFI implant typically follows these steps. First, the attacker obtains ring-0 or equivalent privilege on the target system, through an OS vulnerability, a supply chain compromise, or physical access. Second, the attacker reaches the SPI flash controller's memory-mapped registers, either directly from ring 0 or through a vulnerable but legitimately signed UEFI or SMM module, and defeats the platform's flash write protections: the BIOS Lock Enable (BLE) and SMM_BWP bits in the chipset's BIOS_CNTL register, and the SPI Protected Range (PRx) registers. When those protections are not set, ring-0 code can simply set the BIOS Write Enable (BIOSWE) bit and write the BIOS region. Third, the attacker writes a malicious UEFI DXE driver or bootkit into the firmware image stored on flash. Fourth, on every subsequent boot, the UEFI firmware loads the malicious module before any OS code executes, allowing the implant to modify OS boot components, disable security features, or inject code into the running kernel.
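The second step above is decided by a handful of chipset register bits, and the check a defender runs is the same one an attacker runs first. The following script is an added example (not code from the original article) that interprets constructed Intel PCH register values the way a tool such as chipsec's write-protection check does: BIOS_CNTL bits BIOSWE, BLE and SMM_BWP, the PRx protected-range registers, and the FLOCKDN lock bit. The register values, the BIOS region boundaries and the field layouts are taken from Intel PCH documentation but the sample values are constructed, not read from real hardware.

```python
"""Interpret Intel PCH SPI flash write-protection registers (added example).

Layouts follow Intel PCH datasheets and the checks mirror chipsec's BIOS
write-protection logic: BIOS_CNTL bit 0 is BIOSWE, bit 1 is BLE, bit 5 is
SMM_BWP; each SPI Protected Range register PRx has bit 31 WPE (write
protect enable), bits 28:16 the range limit and bits 12:0 the range base,
both in 4 KiB units. FLOCKDN (HSFS bit 15) locks the PRx registers.
All register values used here are constructed samples.
"""
from dataclasses import dataclass, field

BIOSWE = 1 << 0    # BIOS Write Enable: software writes to the BIOS region allowed
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE raises an SMI so firmware can clear it
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: BIOS region writable only from SMM

# Constructed BIOS region (base, limit) within the flash address space
BIOS_REGION = (0x00500000, 0x00FFFFFF)


def decode_pr(raw: int):
    """Decode one PRx register into (enabled, base, limit)."""
    enabled = bool((raw >> 31) & 1)
    base = (raw & 0x1FFF) << 12
    limit = (((raw >> 16) & 0x1FFF) << 12) | 0xFFF
    return enabled, base, limit


def _covers(ranges, region):
    """True if the union of (base, limit) ranges covers region without gaps."""
    start, end = region
    cursor = start
    for base, limit in sorted(ranges):
        if base > cursor:
            break  # uncovered gap before this range
        cursor = max(cursor, limit + 1)
    return cursor > end


@dataclass
class Assessment:
    writable: bool       # can ring-0 code (outside SMM) rewrite the BIOS region?
    cntl_locked: bool    # BLE and SMM_BWP both set
    pr_covered: bool     # PRx ranges cover the BIOS region and are locked by FLOCKDN
    findings: list = field(default_factory=list)


def assess_flash_protection(bios_cntl: int, pr_values, flockdn: bool = True,
                            bios_region=BIOS_REGION) -> Assessment:
    findings = []
    # 1. BIOS_CNTL: protection is only solid with both BLE and SMM_BWP set.
    cntl_locked = bool(bios_cntl & BLE) and bool(bios_cntl & SMM_BWP)
    if not bios_cntl & BLE:
        findings.append("BLE clear: ring-0 code can set BIOSWE and write the BIOS region")
    elif not bios_cntl & SMM_BWP:
        findings.append("BLE set without SMM_BWP: protection depends on an SMI handler "
                        "and can be raced from another CPU thread")
    if bios_cntl & BIOSWE:
        findings.append("BIOSWE is currently set: BIOS region writes are enabled")
    # 2. Protected ranges: must cover the whole BIOS region and be locked by FLOCKDN.
    ranges = [(b, l) for enabled, b, l in map(decode_pr, pr_values) if enabled]
    covered = _covers(ranges, bios_region)
    if not covered:
        findings.append("SPI protected ranges do not cover the whole BIOS region")
    elif not flockdn:
        findings.append("PRx cover the BIOS region but FLOCKDN is clear, so they can be cleared")
    pr_covered = covered and flockdn
    return Assessment(not (cntl_locked or pr_covered), cntl_locked, pr_covered, findings)


if __name__ == "__main__":
    for label, cntl, prs in [("unprotected", 0x00, [0] * 5),
                             ("BLE+SMM_BWP", 0x22, [0] * 5),
                             ("PR0 only", 0x00, [0x8FFF0500, 0, 0, 0, 0])]:
        a = assess_flash_protection(cntl, prs)
        print(f"{label}: writable={a.writable} {a.findings}")
```

The two protection mechanisms are independent: a platform can be safe through BIOS_CNTL alone, through locked protected ranges alone, or be exposed because BLE is set without SMM_BWP (the SMI-handler race) or because the PRx registers were never locked down with FLOCKDN. On real hardware the values come from chipset PCI config space and the SPI controller's memory-mapped register block, which is why the check must run with kernel privilege.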
BlackLotus, first documented in public reporting in early 2023, demonstrated that a UEFI bootkit could bypass Secure Boot on fully patched Windows 11 systems by exploiting a vulnerability in the Windows Boot Manager (CVE-2022-21894). The bootkit abused legitimately signed but vulnerable Windows boot binaries, which Secure Boot still accepted, to defeat Secure Boot enforcement, then installed a kernel driver that disabled Windows Defender and other endpoint protections. Crucially, its boot components were written to the EFI System Partition and it enrolled its own Machine Owner Key in a UEFI NVRAM variable, so the infection could survive a Windows reinstall that preserved the ESP, and removal required more than reimaging the OS volume.
CosmicStrand, attributed to a Chinese-nexus threat actor and affecting ASUS and Gigabyte motherboard firmware, operated by hooking UEFI functions during the boot process to inject shellcode into the Windows kernel every time the system started. Victims who reformatted their drives and reinstalled Windows remained infected because the implant lived entirely in the motherboard's SPI flash.
The Baseboard Management Controller is a separate processor on server motherboards that enables remote management functions: virtual keyboard/video/mouse (KVM) access, power cycling, sensor monitoring, and BIOS configuration. BMCs run their own Linux-based or proprietary firmware and maintain network connectivity even when the host server is powered off.
BMC attacks follow a predictable pattern. First, attackers identify BMC network interfaces, which are frequently exposed on flat management networks without sufficient access controls. Default or vendor-documented credentials remain common: several BMC product lines have historically shipped with fixed default accounts, and many organizations never change them. Second, attackers exploit known vulnerabilities in BMC web interfaces or IPMI protocol implementations. Third, a successful compromise allows firmware modification, creating persistent backdoors that survive ordinary firmware update attempts.
iLO vulnerabilities disclosed in 2021-2022 included multiple critical remote code execution flaws that allowed unauthenticated attackers to execute arbitrary commands on BMCs across HPE's ProLiant server line. Because iLO can read and write host system RAM over its PCIe connection (direct memory access, DMA), a compromised BMC can intercept or modify any data the host processes; BMC compromise is therefore complete system compromise regardless of host OS security controls.
The attack path for BMC compromise creates persistent covert access that survives host OS reinstallation and even physical server re-provisioning. An attacker with BMC access can install malicious UEFI modules on the host system, intercept disk encryption keys as they are processed in memory, or maintain covert network access through the BMC's independent network interface.
Network devices present a different but equally serious variant of the problem. Mass exploitation of the Cisco IOS XE web UI through CVE-2023-20198 in October 2023 compromised tens of thousands of devices within days of public disclosure. Attackers used the flaw to create local accounts with privilege level 15 and then installed an implant on the device. The implant itself did not survive a reboot, but the added accounts did, and the difficulty of inventory visibility on network devices left remediation windows measured in weeks for many organizations.
The attack sequence for network device firmware compromise begins with identifying internet-facing management interfaces. Many organizations expose SSH, SNMP, or web management on routers and firewalls to enable remote administration. Attackers scan for these interfaces systematically, then attempt known exploits or credential stuffing attacks. Success provides administrative access to the device's operating system.
From administrative access, attackers can modify device firmware in several ways. Some devices allow firmware uploads through the management interface without cryptographic signature verification. Others store configuration and some executable code in NVRAM that persists across reboots. Advanced attackers modify the device's bootloader to load malicious code during the device initialization sequence, creating implants that survive firmware updates unless the bootloader itself is reflashed.
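The exposed management interface and the added high-privilege account described above both leave traces in the device configuration, which is the cheapest place to look for them. The script below is an added example, not Cisco tooling or code from the original article: it audits a constructed IOS XE `show running-config` excerpt for an HTTP server enabled without an access-class, privilege-15 local accounts not in an assumed baseline, and VTY lines with no access-class. The config text, the account names and the ACL name are all constructed for this example.

```python
"""Audit an IOS XE running-config for management exposure and
post-exploitation artifacts (added example, not Cisco tooling).

Assumes the text of `show running-config` and an out-of-band baseline of
expected privilege-15 usernames. The sample config is constructed.
"""
import re

SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netops privilege 15 secret 9 $9$constructedhash1
username cisco_tac_admin privilege 15 secret 9 $9$constructedhash2
!
ip http server
ip http secure-server
!
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 access-class MGMT-ACL in
 transport input ssh
 login local
!
"""

HTTP_SERVER_RE = re.compile(r"^ip http (secure-)?server$")
PRIV15_USER_RE = re.compile(r"^username (\S+) privilege 15\b")


def audit_ios_xe_config(config: str, baseline_admins: set) -> list:
    """Return human-readable findings; an empty list means nothing was flagged."""
    lines = [l.rstrip() for l in config.splitlines()]
    findings = []

    # 1. Web UI exposure: HTTP server feature enabled with no access-class is the
    #    surface abused in the IOS XE web UI attacks. 'no ip http server' does not match.
    http_on = any(HTTP_SERVER_RE.match(l.strip()) for l in lines)
    http_acl = any(l.strip().startswith("ip http access-class") for l in lines)
    if http_on and not http_acl:
        findings.append("web UI: ip http server/secure-server enabled without ip http access-class")

    # 2. Privilege-15 local accounts outside the baseline (what attackers add for durable access).
    for l in lines:
        m = PRIV15_USER_RE.match(l.strip())
        if m and m.group(1) not in baseline_admins:
            findings.append(f"unexpected privilege-15 account: {m.group(1)}")

    # 3. VTY line blocks without an access-class: SSH management reachable from anywhere.
    #    Block members are indented; '!' or any unindented line ends the block.
    block, has_acl = None, {}
    for l in lines:
        if l.startswith("line vty"):
            block = l
            has_acl[block] = False
        elif l.startswith(" ") and block is not None:
            if l.strip().startswith("access-class"):
                has_acl[block] = True
        else:
            block = None
    for block_name, ok in has_acl.items():
        if not ok:
            findings.append(f"{block_name}: no access-class restricting management access")
    return findings


if __name__ == "__main__":
    for finding in audit_ios_xe_config(SAMPLE_CONFIG, {"netops"}):
        print(finding)
```

Run against a config archive rather than a live device where possible: the point of the baseline is to compare what the device says now against what it was approved to contain, and a privilege-15 account that appears between two backups is itself the incident.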
KV-Botnet, associated with Volt Typhoon activity and documented by Lumen Technologies and CISA, targeted end-of-life SOHO routers and VPN appliances from Cisco, Netgear, and others. The botnet used compromised devices as operational relay infrastructure to obscure the origin of intrusion activity. Its implants did not depend on modified firmware images; because the devices were end-of-life and could not be patched, operators could simply reinfect any device that was cleaned, so the effective persistence came from the unpatchable device population rather than from flash modification.
Platform security features can significantly reduce firmware attack success rates when properly configured. Intel Boot Guard and AMD Platform Secure Boot create hardware-enforced firmware integrity verification starting with the first firmware code executed after power-on. These features require the initial firmware to be cryptographically signed by OEM keys whose hashes are burned into one-time-programmable fuses during manufacturing, so a modified firmware image fails verification even when an attacker with privileged software access manages to write it to flash. They verify only the initial boot block; the integrity of later firmware stages depends on the firmware's own signature checks.
UEFI Secure Boot, when properly implemented, validates the cryptographic signatures of boot components before execution. However, Secure Boot depends on the forbidden-signature database (dbx) being kept current so that compromised or vulnerable signed components are revoked. BlackLotus succeeded partly because the vulnerable but legitimately signed boot manager binaries it abused had not been added to dbx on victim systems.
Trusted Platform Module (TPM) chips provide hardware-rooted attestation capabilities through measured boot. During system startup, the TPM records cryptographic measurements of firmware and boot components in Platform Configuration Registers (PCRs). Remote attestation protocols can verify these measurements against known-good values, detecting firmware modifications. However, measured boot provides detection, not prevention, and requires infrastructure to collect and analyze attestation data.
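The verification side of measured boot is a replay: the verifier recomputes each PCR from the reported event log and compares the result with known-good values (and with the signed quote the TPM produces). The following is an added example, not code from the original article, that performs that replay with SHA-256 PCR extension over a constructed boot sequence. The "components" are stand-in byte strings for the firmware volumes a real TCG event log would record (PCR0 firmware code, PCR2 option ROMs, PCR4 boot manager), and the implanted variant replaces one DXE driver, the kind of change a CosmicStrand-style implant would cause.

```python
"""Replay a measured-boot event log and compare it with golden PCR values,
the core of a remote attestation verifier (added example).

SHA-256 bank: PCR_new = SHA256(PCR_old || digest). The events below are
constructed stand-ins for real TCG event log entries.
"""
import hashlib

PCR_SIZE = 32
INITIAL_PCR = b"\x00" * PCR_SIZE

# (pcr_index, measured component) in boot order; constructed sample data
KNOWN_GOOD_BOOT = [
    (0, b"PEI core build 1.0.7"),
    (0, b"DXE core build 1.0.7"),
    (0, b"DXE driver PlatformInit build 1.0.7"),
    (2, b"NIC option ROM 4.2"),
    (4, b"bootmgfw.efi 10.0.22621.1"),
]

# Same boot, but one DXE driver replaced by an implanted version
IMPLANTED_BOOT = list(KNOWN_GOOD_BOOT)
IMPLANTED_BOOT[2] = (0, b"DXE driver PlatformInit build 1.0.7 (hooked)")


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """The TPM's only write operation on a PCR: hash the old value with the new digest."""
    return hashlib.sha256(pcr + digest).digest()


def replay_event_log(events) -> dict:
    """Recompute every PCR by extending the digest of each measured component in order."""
    pcrs = {}
    for index, component in events:
        digest = hashlib.sha256(component).digest()   # what the event log records
        pcrs[index] = pcr_extend(pcrs.get(index, INITIAL_PCR), digest)
    return pcrs


def attest(golden: dict, reported_events) -> dict:
    """Return {pcr_index: (expected_hex, actual_hex)} for every PCR that differs from golden."""
    actual = replay_event_log(reported_events)
    mismatches = {}
    for index in sorted(set(golden) | set(actual)):
        expected = golden.get(index, INITIAL_PCR)
        observed = actual.get(index, INITIAL_PCR)
        if expected != observed:
            mismatches[index] = (expected.hex(), observed.hex())
    return mismatches


if __name__ == "__main__":
    golden = replay_event_log(KNOWN_GOOD_BOOT)
    print("clean boot mismatches:    ", attest(golden, KNOWN_GOOD_BOOT))
    print("implanted boot mismatches:", attest(golden, IMPLANTED_BOOT))
```

Two properties of the extend operation matter in practice. Because each PCR is a chain hash, a single changed byte in any measured component, or the same components measured in a different order, changes the final value, so the golden set must be recorded per firmware version and per boot configuration. And because the verifier only compares values, the result is detection after the fact: a mismatch tells you the firmware differs from the reference, not what changed, and the quote itself must be signed by the TPM's attestation key for the comparison to mean anything.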
For network devices, firmware signing and verified boot capabilities vary significantly by vendor and device category. Enterprise networking equipment from major vendors increasingly supports cryptographically signed firmware images and secure boot processes. Consumer and SOHO devices generally do not. Organizations should prioritize procurement of devices that support firmware integrity verification and establish maintenance windows for firmware updates that match vendor security release schedules.
---
Standard incident response playbooks are built on the assumption that reimaging a compromised system produces a clean system. Firmware attacks invalidate this assumption entirely. An organization that detects a compromise, reinstalls the operating system, and returns a server to production may be handing an attacker a freshly configured system on which the persistent implant continues to operate. This gap between incident response assumptions and firmware-layer reality translates directly into extended dwell times and repeated compromise.
The business impact is substantial. Server firmware compromise through a BMC can give an attacker complete visibility into all data processed by that server, the ability to modify OS images at rest, and the means to survive all standard remediation steps. For cloud providers, managed service providers, and financial institutions where servers process sensitive customer data continuously, a persistent BMC implant represents a catastrophic ongoing exposure.
Network device firmware compromise creates different but equally serious risks. Compromised routers and firewalls can intercept, modify, or redirect network traffic without detection by endpoint security tools. For organizations that depend on VPN concentrators or cloud security appliances for perimeter protection, firmware-level compromise of these devices effectively eliminates the security boundary they were intended to enforce.
A persistent misconception in enterprise security is that firmware attacks are exclusively the domain of nation-state actors and therefore not relevant to most organizations. This is incorrect for several reasons. First, nation-state tooling does not stay nation-state-exclusive: techniques and sometimes actual tools migrate to criminal actors over time, as demonstrated by the commoditization of EternalBlue following the Shadow Brokers release. Second, the vulnerable firmware in SOHO routers and network appliances is actively targeted by criminal actors, not only by APT groups, because it provides persistent, difficult-to-detect relay infrastructure for other operations.
Another misconception is that Secure Boot prevents firmware attacks. BlackLotus demonstrated that even properly implemented Secure Boot can be bypassed when the Secure Boot signing chain contains a vulnerable but legitimately-signed component. Secure Boot is a necessary baseline control, not a complete solution. It must be combined with UEFI firmware update policies, Secure Boot key database management, and runtime integrity monitoring.
The scale problem compounds the technical problem. Large organizations operate thousands of servers, network devices, and appliances, each with firmware that requires independent security maintenance. Unlike operating systems, which have established patch management processes and vendor support lifecycles, firmware updates are often irregular, poorly documented, and require device-specific procedures that do not integrate with standard patch management tools. Organizations that successfully maintain current OS patch levels may be running firmware that is years behind current vendor releases.
---
CDA approaches firmware and below-OS threats through the Threat Intelligence Domain (TID) of the Planetary Defense Model, applying Predictive Defense Intelligence (PDI) to identify firmware attack indicators before an implant is established and to inventory vulnerable firmware before known-exploitable vulnerabilities are disclosed. The key insight is that firmware security is primarily an asset visibility and intelligence correlation problem, not a detection problem.
Within TID, CDA operationalizes threat intelligence about firmware threats by maintaining firmware version data as a first-class asset attribute, not an afterthought in general asset management databases. When intelligence reporting identifies a new firmware vulnerability or implant campaign, the PDI process immediately cross-references known affected device models and firmware versions against the client asset inventory to identify exposed assets. This enables patch prioritization based on actual exposure rather than theoretical vulnerability.
The practical application of PDI to firmware threats starts with an inventory that includes firmware version data for all managed devices: servers, network equipment, and appliances. This inventory must be current and automated, because firmware versions rarely appear in standard endpoint detection tools or vulnerability scan results. CDA implements firmware inventory through multiple collection methods: BMC management interfaces for server firmware, SNMP polling for network device firmware, and agent-based collection for endpoint UEFI firmware.
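The cross-reference step is where most inventory efforts fall down, because firmware fixes ship per release train and a naive string comparison gets it wrong. The script below is an added example, not CDA tooling or code from the original article: it matches a constructed firmware inventory against a constructed advisory that lists the first fixed release of each affected train, and reports assets running an older release on a fixed train as well as assets on a train with no fix at all. The advisory identifier, the fix versions and the inventory records are placeholders, not a real vendor advisory.

```python
"""Cross-reference a firmware inventory against an advisory's fixed releases
to list exposed assets (added example, not CDA tooling).

Assumes inventory records carry a normalized product name and the raw
firmware version string as collected (e.g. from a BMC's Redfish API or an
SNMP sysDescr), and that the advisory lists the first fixed release of
each affected release train. All data below is constructed.
"""
import re
from dataclasses import dataclass

INVENTORY = [
    {"asset": "edge-rtr-01",   "product": "IOS XE", "firmware": "17.9.3"},
    {"asset": "edge-rtr-02",   "product": "IOS XE", "firmware": "17.9.4a"},
    {"asset": "branch-rtr-07", "product": "IOS XE", "firmware": "17.6.5"},
    {"asset": "lab-rtr-03",    "product": "IOS XE", "firmware": "16.9.4"},
    {"asset": "db-srv-11",     "product": "iLO 5",  "firmware": "2.78"},
]


@dataclass
class Advisory:
    ident: str
    product: str
    fixed_versions: list   # first fixed release per affected train, e.g. "17.9.4a"


# Placeholder advisory: identifier and fix versions are illustrative only
EXAMPLE_ADVISORY = Advisory("ADV-EXAMPLE-0001", "IOS XE", ["17.9.4a", "17.6.6"])


def parse_version(text: str) -> tuple:
    """'17.9.4a' -> ((17, ''), (9, ''), (4, 'a')); a letter suffix sorts after the bare number."""
    parts = []
    for comp in text.strip().split("."):
        m = re.fullmatch(r"(\d+)([A-Za-z]*)", comp)
        if not m:
            raise ValueError(f"unparseable version component {comp!r} in {text!r}")
        parts.append((int(m.group(1)), m.group(2).lower()))
    return tuple(parts)


def exposed_assets(inventory, advisory: Advisory) -> list:
    """Return (asset, reason) for every asset the advisory leaves exposed."""
    fixes = {}
    for text in advisory.fixed_versions:
        parsed = parse_version(text)
        fixes[parsed[:2]] = (parsed, text)          # keyed by release train (first two fields)
    exposed = []
    for rec in inventory:
        if rec["product"] != advisory.product:
            continue
        ver = parse_version(rec["firmware"])
        entry = fixes.get(ver[:2])
        if entry is None:
            # No fixed release for this train: typically end-of-life, replace rather than patch
            exposed.append((rec["asset"], f"{rec['firmware']}: no fixed release for this train"))
            continue
        fix_parsed, fix_text = entry
        if ver < fix_parsed:
            exposed.append((rec["asset"], f"{rec['firmware']} is below fixed release {fix_text}"))
    return exposed


if __name__ == "__main__":
    for asset, reason in exposed_assets(INVENTORY, EXAMPLE_ADVISORY):
        print(f"{EXAMPLE_ADVISORY.ident}: {asset}: {reason}")
```

The train-keyed lookup is what separates "patch prioritization based on actual exposure" from a list of everything below the newest version: a device on 17.9.4a is not exposed even though 17.6.6 is numerically lower, and a device on a train with no fix is a procurement decision, not a patching ticket.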
CDA treats BMC and network device management interfaces as intelligence collection surfaces, not just attack vectors to remediate. Anomalous BMC authentication events, unexpected firmware update attempts, and out-of-band management traffic to unusual destinations are early warning indicators that an adversary has identified management interfaces as an objective. CDA integrates these signals into threat detection pipelines rather than siloing them in infrastructure monitoring tools where alerts are often ignored.
The CDA approach differs from conventional firmware security in several ways. First, CDA prioritizes inventory visibility over endpoint detection. Most firmware attacks are undetectable by endpoint security tools because they operate below the OS layer. Therefore, preventing firmware attacks requires knowing what firmware versions are deployed and ensuring those versions are current, rather than trying to detect implants after compromise. Second, CDA treats firmware maintenance as a supply chain risk management function that requires vendor evaluation and procurement controls, not only a patching function. Device procurement standards should require firmware signing, Secure Boot compatibility, and vendor-committed firmware maintenance windows.
---
Written by CDA Editorial