The ability to hide from and evade the operating systemprovides attackers extreme levels of persistence on a compromiseddevice. In addition to evading controls, any malicious code in the firmwareis naturally tied to the hardware of the device as opposed to the software.This means the attacker’s code would naturally persist even across a full re-imaging of system. Such capability is particularly strategic for anattacker as it is often essential to furthering the broader campaign bymaintaining command and control points and facilitating the ongoingattack.