iLOBleed Rootkit Description
The iLOBleed Rootkit is a new rootkit targeting HP’s Integrated Lights-Out (iLO) server management technology. The iLOBleed Rootkit is the first of its kind to breach HP’s proprietary iLO firmware, which gives the actors behind it extremely high-privilege administrator rights. At the same time, the iLOBleed Rootkit allows the crooks to wipe entire data servers before admins have had the chance to notice any imminent danger.
Because of its dogged persistence, the iLOBleed Rootkit remains active even after the entire system has been reset. The breach is likely to gain traction in the underground cyberworld because iLO is integrally connected to the hardware and software architecture of the corresponding HP servers and to their firmware. The iLOBleed Rootkit's ability to survive multiple OS reinstalls makes it all the more attractive.
In light of the qualities mentioned above, iLOBleed could potentially destroy any business running HP servers. However, it hasn’t spread far yet: security researchers have yet to find the infection vector, so apart from the crooks who exploit it, no one knows how potential targets get infected.
The hackers behind the iLOBleed Rootkit may be part of an Advanced Persistent Threat (APT) group, and the rootkit might strike again soon. The Rootkit is the first to find and exploit vulnerabilities in firmware, a problem overlooked for quite a while.