“The [malware] sample appears to be targeting facilities that not only have software security in place, but physical security as well. ZKTeco is a global manufacturer of access control systems, including facial recognition, fingerprint scanners and RFID. If the sample is run on a workstation with ZKTeco’s ZKAccess software installed, the process will prematurely terminate.
“These systems would be heavily scrutinised by their administrators, and an infection on one of these machines would likely not go unnoticed,” suggest the researchers, Joseph Landry and Udi Shamir of security software and services company SentinelOne, who uncovered the malware.
“It exhibits traits seen in previous nation-state Rootkits, and appears to have been designed by multiple developers with high-level skills and access to considerable resources.”