Security News > 2023 > June > NSA Releases Guide to Combat Powerful BlackLotus Bootkit Targeting Windows Systems

The U.S. National Security Agency on Thursday released guidance to help organizations detect and prevent infections of a Unified Extensible Firmware Interface bootkit called BlackLotus.

A UEFI bootkit capable of bypassing Windows Secure Boot protections, samples of the malware have since emerged in the wild.

This is accomplished by taking advantage of a known Windows flaw called Baton Drop discovered in vulnerable boot loaders not added into the Secure Boot DBX revocation list.

UEFI bootkits like BlackLotus grant a threat actor complete control over the operating system booting procedure, thereby making it possible to interfere with security mechanisms and deploy additional payloads with elevated privileges.

It's worth noting that BlackLotus is not a firmware threat, and instead hones in on the earliest software stage of the boot process to achieve persistence and evasion.

"UEFI bootkits may lose on stealthiness when compared to firmware implants as bootkits are located on an easily accessible FAT32 disk partition," ESET researcher Martin Smolár said in an analysis of BlackLotus in March 2023.

News URL

https://thehackernews.com/2023/06/nsa-releases-guide-to-combat-powerful.html