The MosaicRegressor espionage framework is newly discovered and appears to be the work of Chinese-speaking actors. Researchers from Kaspersky observed several dozen victims who received components from the framework between 2017 and 2019 all of whom had ties to North Korea. The team wasn t able to determine the exact infection vector that allowed the attackers to overwrite the original UEFI firmware. The components were all based on a customized version of the leaked source code of HackingTeam s VectorEDK bootkit.
Source: https://threatpost.com/bootkit-malware-north-korea-diplomats/159846/