Sednit also known as APT28, Sofacy, Strontium and Fancy Bear – has been operating since at least 2004, and has made headlines frequently in the past years: it is believed to be behind major, high profile attacks. For instance, several security companies [1] as well as the US Department of Justice [2] named the group as being responsible for the Democratic National Committee (DNC) hack just before the US 2016 elections. The group is also presumed to be behind the hacking of global television network TV5Monde [3], the World Anti-Doping Agency (WADA) email leak [4] and many others. Its targets are many and the group has a diversified set of malware in its toolbox several of which we have documented previously [5], but this white paper details the first time this group is known to have used a UEFI rootkit.