The UEFI malware is linked to Fancy Bear (also known as APT28, Pawn Storm, Sofacy Group, Sednit and STRONTIUM), a threat group that may have ties with the Russian military intelligence agency GRU. Bleeping Computer has more details about the rootkit over here.
The researchers named the rootkit LoJax, after the malicious samples of the LoJack anti-theft software that were discovered earlier this year; that hijacking of the legitimate software was also the work of APT28. Bleeping Computer suggests you can protect yourself against LoJax by switching on Secure Boot, which refuses to execute unsigned UEFI modules at boot time. Note that this is a boot-time signature check, not a write barrier: it does not by itself stop a tool running with kernel privileges from writing to the firmware flash, so firmware updates and any vendor-provided BIOS write protection remain important. Overall, the risk for average users is low, as LoJax is aimed at high-value targets.
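As a practical check of the Secure Boot advice, the following script is an added example and is not code from the article, ESET or Bleeping Computer. It reads the state the firmware exposes through Linux efivarfs: each variable file starts with a 4-byte attribute bitmask, followed by the variable data, which for the SecureBoot variable is a single byte (1 = enabled, 0 = disabled). The variable path is the standard one; the sample files the script builds are constructed to exercise the enabled, disabled, and malformed cases offline.

```shell
#!/bin/sh
# Added example, not from the original article: report the Secure Boot state
# a UEFI firmware exposes through efivarfs on Linux.
# efivarfs layout: 4-byte attribute bitmask, then the variable data.
# For SecureBoot the data is one byte: 1 = enabled, 0 = disabled.

SECUREBOOT_VAR=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e0098032b8

# secureboot_state FILE -> prints "enabled", "disabled" or "unknown"
secureboot_state() {
    f=$1
    # No efivarfs entry: legacy BIOS boot, or efivarfs is not mounted.
    [ -r "$f" ] || { echo unknown; return 0; }
    # Skip the 4 attribute bytes and read exactly one data byte as an unsigned int.
    b=$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n')
    case "$b" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;   # short or malformed variable (no data byte)
    esac
}

# make_sample FILE 0|1 -> writes a constructed efivar file standing in for the real one:
# attributes 0x00000006 (BS|RT) little-endian, then the single state byte.
make_sample() {
    printf '\006\000\000\000' > "$1"
    if [ "$2" -eq 1 ]; then
        printf '\001' >> "$1"
    else
        printf '\000' >> "$1"
    fi
}

# Live check when run on a real machine (prints "unknown" without efivarfs).
echo "Secure Boot on this host: $(secureboot_state "$SECUREBOOT_VAR")"
```

Run it as root or any user that can read efivarfs; "unknown" means the machine booted in legacy BIOS mode or efivarfs is not mounted, and in both cases the Secure Boot protection discussed above is not in effect. On Windows the equivalent one-liner is `Confirm-SecureBootUEFI` in an elevated PowerShell, which returns True or False.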
"On systems that were targeted by the LoJax campaign, we found various tools that are able to access and patch UEFI/BIOS settings," ESET says in a report shared with BleepingComputer.