Microsoft has published guidance to help organisations determine whether attackers exploited the CVE-2022-21894 vulnerability to compromise or target computers with the BlackLotus UEFI bootkit. The recommendations can be used by both organisations and individuals to recover from an attack and to stop threat actors who use BlackLotus from establishing persistence and evading detection.
Since last year, BlackLotus has been advertised on hacking forums as malware that can disable various security mechanisms (such as Defender, HVCI, and BitLocker) and evade antivirus detection. A licence cost $5,000, and rebuilds could be purchased for $200.