Russian state-sponsored hackers appear to be using malware (https://www.pcmag.com/roundup/354226/the-best-malware-removal-and-protection-tools) that can persist on Windows PCs even after the OS has been reinstalled.

 (https://securitywatch.pcmag.com/)Security firm ESET discovered the powerful malware, dubbed Lojax, infecting a victim's computer and suspects the malicious code came from the hacking group known as Fancy Bear (https://www.pcmag.com/news/359570/russian-linked-hackers-target-foreign-ministries).

The attack targeted the computer's UEFI (https://www.pcmag.com/encyclopedia/term/58377/uefi), which stands for Unified Extensible Firmware Interface, and is used to boot up the system. By re-writing the UEFI, the malware can persist inside the computer's flash memory, allowing it to survive operating system reinstalls and hard disk replacements.
Getting rid of the malware means going in and over-writing the flash storage's memory, "an operation not commonly done and certainly not by the typical user," ESET said in a blog post (https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/).
ESET refrained from naming the owner of the infected computer, but the security firm said it has detected Fancy Bear using different components of Lojax on government organizations based in the Balkans and other Central and Eastern European countries.
According to ESET, Lojax is the first time a UEFI-based rootkit (https://www.pcmag.com/encyclopedia/term/55733/rootkit) has ever been detected attacking a computer system in the real world. Before this, experts had mainly talked about UEFI rootkits as a theoretical attack, although there was evidence that private security firms were selling the hacking tools to government customers.

https://www.pcmag.com/news/364046/russian-hackers-use-malware-that-can-survive-os-reinstalls