MoonBounce: Third UEFI Bootkit in Town
Kaspersky unearthed MoonBounce, a custom UEFI firmware implant that can stay hidden in the system even after the disk is formatted or replaced. It appears to be the work of the Chinese Winnti group. The infection chain does not leave any evidence and works entirely in memory. Researchers advise enabling Secure Boot by default and updating firmware regularly.