Ask HN: Do I have a Linux bootkit?
3 by WTHISGO | 2 comments on Hacker News.
Lately I noticed my laptop has been acting weirdly, and I have been looking for causes. By using nethogs I noticed that my system makes connections to hosting companies, mainly in Germany, from a root account. These entries typically look like this:

? root 10.138.153.2:53498-68.235.39.11:80 tzulo, inc
? root 10.138.153.2:53156-104.26.5.15:443 Cloudflare
? root 10.132.193.74:35374-184.105.99.43:443 Civilized Discourse Construction Kit Inc
? root 10.132.193.74:42738-172.67.70.33:443 Cloudflare
? root 10.132.193.74:56512-199.232.53.91:443 Fastly, Inc

It goes both ways, once sending, once receiving. For example, when I woke it up from sleep, I had a dozen hosts making connections to my laptop and sending some data. I don't know what, because I'm not knowledgeable enough to investigate. But the weirdest part is, I upgraded and downgraded the BIOS, reinstalled the system, and even created a live bootable USB stick from a fresh SHA-verified ISO, and this persists. Both my laptop and desktop are affected. I have only tried Linux Mint and PopOS. I have no access to another computer to create a live USB stick on, to see if it would still be affected, but I suspect this is a UEFI-based rootkit. What the hell is that?
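The nethogs lines in the post show "?" in the process column, meaning nethogs could not tell which process owns the socket. The script below is an added example for this thread, not code from the original post or from nethogs: it parses lines in that format, looks each connection up in /proc/net/tcp (which records the owning UID and socket inode), and then finds the process holding that inode by scanning /proc/<pid>/fd. The two nethogs lines, the /proc/net/tcp snapshot and the inode-to-PID map embedded in it are constructed sample data; the inode 123456, PID 4242 and the second, unmatched inode are assumptions chosen to show both the found and the already-exited case.

```python
"""Attribute nethogs-style connection lines to a process via /proc.

Added example for this thread, not part of the original post.  Run as root on
a live system to use the real /proc; the sample data below lets it run offline.
"""
import os
import re
import socket
import struct
from typing import Dict, List, Optional, Tuple

# nethogs line: "<pid or ?> <user> <lip>:<lport>-<rip>:<rport> <description>"
NETHOGS_RE = re.compile(
    r"^(?P<pid>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<lip>\d+\.\d+\.\d+\.\d+):(?P<lport>\d+)-"
    r"(?P<rip>\d+\.\d+\.\d+\.\d+):(?P<rport>\d+)"
)

Endpoint = Tuple[str, int, str, int]  # (local ip, local port, remote ip, remote port)


def parse_nethogs_line(line: str) -> Optional[Tuple[str, Endpoint]]:
    """Return (user, endpoint) for one nethogs line, or None if it does not match."""
    m = NETHOGS_RE.match(line.strip())
    if not m:
        return None
    return m["user"], (m["lip"], int(m["lport"]), m["rip"], int(m["rport"]))


def proc_hex_to_endpoint(local: str, remote: str) -> Endpoint:
    """Decode the 'AABBCCDD:PPPP' address fields of /proc/net/tcp.

    The kernel prints the IPv4 address as a 32-bit host-order integer (little
    endian on x86), so the first octet is the LAST byte of the hex string.
    """
    def one(field: str) -> Tuple[str, int]:
        ip_hex, port_hex = field.split(":")
        return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

    lip, lport = one(local)
    rip, rport = one(remote)
    return (lip, lport, rip, rport)


def parse_proc_net_tcp(text: str) -> Dict[Endpoint, Tuple[int, int, str]]:
    """Map each connection in /proc/net/tcp text to (uid, inode, tcp state)."""
    table: Dict[Endpoint, Tuple[int, int, str]] = {}
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) < 10:
            continue
        # fields: sl local rem st txq:rxq tr:when retrnsmt uid timeout inode ...
        table[proc_hex_to_endpoint(f[1], f[2])] = (int(f[7]), int(f[9]), f[3])
    return table


def inode_to_pid(inode: int, proc_root: str = "/proc") -> Optional[int]:
    """Find the PID whose fd table holds socket:[inode] (needs root to see all processes)."""
    target = f"socket:[{inode}]"
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        fd_dir = os.path.join(proc_root, name, "fd")
        try:
            for fd in os.listdir(fd_dir):
                try:
                    if os.readlink(os.path.join(fd_dir, fd)) == target:
                        return int(name)
                except OSError:
                    continue  # fd closed between listdir and readlink
        except OSError:
            continue  # process exited, or not permitted to read its fd table
    return None


def attribute(nethogs_lines: List[str], proc_tcp_text: str,
              inode_pids: Dict[int, int]) -> List[dict]:
    """Join nethogs lines with /proc/net/tcp and an inode->pid map.

    A connection with no inode in the map (PID None) usually means the owning
    process was short-lived and had already exited when /proc was scanned.
    """
    table = parse_proc_net_tcp(proc_tcp_text)
    results = []
    for line in nethogs_lines:
        parsed = parse_nethogs_line(line)
        if parsed is None:
            continue
        user, ep = parsed
        uid, inode, state = table.get(ep, (None, None, None))
        results.append({"user": user, "endpoint": ep, "uid": uid, "inode": inode,
                        "state": state,
                        "pid": inode_pids.get(inode) if inode is not None else None})
    return results


# --- constructed sample data (not captured from the poster's machine) ---
SAMPLE_NETHOGS = [
    "? root 10.138.153.2:53498-68.235.39.11:80 tzulo, inc",
    "? root 10.138.153.2:53156-104.26.5.15:443 Cloudflare",
]
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 02998A0A:D0FA 0B27EB44:0050 01 00000000:00000000 00:00000000 00000000     0        0 123456 1 0000000000000000 20 4 30 10 -1
   1: 02998A0A:CFA4 0F051A68:01BB 01 00000000:00000000 00:00000000 00000000     0        0 123457 1 0000000000000000 20 4 30 10 -1
"""
SAMPLE_INODE_PIDS = {123456: 4242}  # assumed result of inode_to_pid(); 123457 already gone

if __name__ == "__main__":
    for r in attribute(SAMPLE_NETHOGS, SAMPLE_PROC_NET_TCP, SAMPLE_INODE_PIDS):
        print(r)
```

On a live system, replace the sample text with `open("/proc/net/tcp").read()` and build the inode map with `inode_to_pid()` for each inode returned by `parse_proc_net_tcp()`; once a PID is known, `/proc/<pid>/exe` and `/proc/<pid>/cmdline` identify the binary. Connections that still come back with PID None were made by processes that exited before the scan, which is exactly the case nethogs reports as "?".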
