For years, some Gigabyte and Asus motherboards carried UEFI malware
https://www.techspot.com/news/95425-years-g...fi-malware.html
Security firm ESET discovered the first UEFI rootkit that had been used in the wild back in 2018. This type of persistent threat used to be the subject of theoretical discussions among security researchers, but over the past years, it's become clear that it's a lot more common than previously thought, despite being relatively hard to develop.