I think this is how this bootkit works: Modifies UEFI Firmware (likely inserts a SMM module in ME region) -> you boot -> SMM module somehow hooks into OS to load a driver, stealthily. Driver downloads known / foss RATs, and gives them visibility cover.

Those samples are falsely labelled as "lumma", it's possible the bootkit is fused with lumma, as lumma is one of the rats it deploys post-infection.

I think this bootkit is developed/smuggled out of a elite hacking unit, by "Nir Lichtman" who is very popular in "the com" where he hacks people for "ego", and "status" mainly.

Basically I suspect Nir lichtman to be a rogue state operator who abuses 0-days and toolkits to hack people off discord / telegram drama. As crazy as that sounds.