A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41). Kaspersky, which codenamed the rootkitMoonBounce,characterizedthe malware as the “most advancedUEFIfirmware implant discovered in the wild to date,” adding “the purpose of the