LoJack was designed so that a completely erased computer could still be detected. Thanks to small changes in the software code, the hackers managed to nest their malicious software in the 'firmware' of infected devices, the pre-installed software that sits one layer deeper in the system than the operating system. That way, they can still re-infect a computer from which all viruses have already been removed.
The Canadian team, led by Alexis Dorais-Joncas, was able to prove that LoJax is the work of the notorious hacker group Fancy Bear, also known by names like Sednit or APT28. This is the same group, believed by Western intelligence agencies to be controlled by the Kremlin, that is thought to be responsible for the break-in of the US Democratic Party's mail servers in 2016. 'We make no statements about the identity of the hackers,' Dorais-Joncas said in an interview with De Tijd. 'For security companies, it is technically impossible to say anything about this with 100 per cent certainty anyway. Hackers can also deliberately leave misleading traces. What we do know is that Fancy Bear is a group that goes after geopolitical targets and is therefore probably funded by a state.'