Microsoft released information this week on how threat hunters can identify BlackLotus bootkit infections in their environments.
BlackLotus, first advertised on underground forums in late 2022, offers capabilities previously associated with state-backed actors: UEFI Secure Boot bypass, defense evasion, and the disabling of protections such as BitLocker, Microsoft Defender, hypervisor-protected code integrity (HVCI) and User Account Control (UAC).
To get past Secure Boot, the bootkit exploits CVE-2022-21894 (also known as "Baton Drop"), a Windows boot manager flaw that Microsoft patched in January 2022 but whose vulnerable, still-signed binaries were not revoked at the time; proof-of-concept (PoC) code has been public since August 2022. Secure Boot itself remains reported as enabled, which is why the bypass is hard to spot from the firmware side. The files that BlackLotus writes to the EFI system partition (ESP) are locked by the bootkit, so attempts to open or read them fail with an error, and that failure is itself one of the indicators Microsoft recommends hunting for.
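The following triage script is an added example written for this article; it is not Microsoft's published hunting guidance or BlackLotus code. It checks a single host for the two indicators described above, files on the ESP that cannot be opened or were modified recently, and Secure Boot, HVCI and Defender having been turned off. It assumes S: is a free drive letter for mounting the ESP and uses an arbitrary 30-day "recent" window; the HVCI registry value it reads is Microsoft's documented HVCI enablement key, but the decision to treat Enabled=0 as a finding is the script's own.

```powershell
#Requires -RunAsAdministrator
# Added example, not Microsoft's hunting script. Run in an elevated PowerShell session.
param(
    [string]$MountLetter = 'S:',   # assumption: S: is unused on this host
    [int]$RecentDays     = 30      # assumption: arbitrary "recent modification" window
)

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Indicator, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Indicator = $Indicator; Detail = $Detail })
}

# 1. Mount the EFI System Partition and look for locked or recently modified files.
#    Nothing on the ESP is normally held open, so an open failure is a strong signal.
mountvol $MountLetter /S | Out-Null
try {
    $cutoff = (Get-Date).AddDays(-$RecentDays)
    $espFiles = Get-ChildItem -LiteralPath "$MountLetter\EFI" -Recurse -File -ErrorAction SilentlyContinue
    foreach ($f in $espFiles) {
        $locked = $false
        try {
            # Plain read open with permissive sharing: only a file another handle
            # holds with sharing denied (or that access is refused on) fails here.
            $fs = [System.IO.File]::Open($f.FullName,
                                         [System.IO.FileMode]::Open,
                                         [System.IO.FileAccess]::Read,
                                         [System.IO.FileShare]::ReadWrite)
            $fs.Close()
        } catch [System.IO.IOException]             { $locked = $true }
          catch [System.UnauthorizedAccessException] { $locked = $true }

        if ($locked) {
            Add-Finding 'LockedEspFile' "$($f.FullName) (modified $($f.LastWriteTime))"
        } elseif ($f.LastWriteTime -gt $cutoff) {
            Add-Finding 'RecentEspFile' "$($f.FullName) (modified $($f.LastWriteTime))"
        }
    }
} finally {
    mountvol $MountLetter /D | Out-Null
}

# 2. Secure Boot. Confirm-SecureBootUEFI throws on legacy-BIOS hosts, so treat that as "unknown".
try {
    if (-not (Confirm-SecureBootUEFI)) { Add-Finding 'SecureBootDisabled' 'Confirm-SecureBootUEFI returned False' }
} catch {
    Add-Finding 'SecureBootUnknown' $_.Exception.Message
}

# 3. HVCI. Win32_DeviceGuard.SecurityServicesRunning contains 2 when HVCI is active.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
if ($null -eq $dg -or $dg.SecurityServicesRunning -notcontains 2) {
    Add-Finding 'HvciNotRunning' "SecurityServicesRunning = $($dg.SecurityServicesRunning -join ',')"
}
$hvciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
$hvciVal = Get-ItemProperty -Path $hvciKey -Name Enabled -ErrorAction SilentlyContinue
if ($hvciVal -and $hvciVal.Enabled -eq 0) {
    Add-Finding 'HvciRegistryDisabled' "$hvciKey\Enabled = 0"
}

# 4. Defender real-time protection.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($null -eq $mp -or -not $mp.RealTimeProtectionEnabled) {
    Add-Finding 'DefenderRealTimeOff' 'Get-MpComputerStatus: RealTimeProtectionEnabled is not True'
}

if ($findings.Count -eq 0) { 'No BlackLotus-style indicators found on this host.' }
else { $findings | Format-Table -AutoSize }
```

Treat the output as a triage list, not a verdict. RecentEspFile hits are expected right after a cumulative update that refreshes bootmgfw.efi, and HVCI or Defender may be legitimately off on some builds, but a LockedEspFile hit combined with any of the other three findings on a machine that should be fully protected warrants pulling the ESP image and memory for deeper analysis before the host is trusted again.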