Researchers from security firm ESET this week published new findings on the Zebrocy attack tool, which improves upon the older Sofacy backdoor and combines downloaders and remote administration tools to allow attackers to control compromised systems. ESET used telemetry generated by systems running its security agent to observe the initial Zebrocy infection via spearphishing attacks and the subsequent commands, the company stated in an analysis.

"We were able to monitor the way they use the Zebrocy malware after they infected their target, including all the interactions they had with the infected systems, and gain some intelligence," says Alexis Dorais-Joncas, security intelligence team lead for ESET.

In 2018, for example, ESET discovered that the Sednit group had successfully deployed a Unified Extensible Firmware Interface (UEFI) rootkit, dubbed LoJax, which infects the basic hardware operating system and can survive rebooting the system.

Once the malware was installed, the operators would quickly perform reconnaissance on the system and gather operating system and file information, as well as other details about the system.