Security experts from ESET have spotted the first in-the-wild UEFI rootkit of ever, the code tracked as LoJax was used in attacks in the wild. The malware was used by the Russia-linked Sednit group (aka Fancy Bear, APT28, Pawn Storm, Sofacy Group, and STRONTIUM) in targeted attacks aimed at government entities in the Balkans as well as in Central and Eastern Europe. The discovery marks a milestone in the evolution of the group, it represents an escalation in the complexity of its attacks.”]
Source: https://securityaffairs.co/wordpress/76598/hacking/uefi-rootkit.html