Microsoft has shared guidance to help organizations check if hackers targeted or compromised machines with the BlackLotus UEFI bootkit by exploiting the CVE-2022-21894 vulnerability. Organizations and individuals can also use Microsoft’s advice to recover from an attack and to prevent threat actors using BlackLotus from achieving persistence and evading detection.

BlackLotus has been available since last year on hacking forums, advertised as a piece of malware that evades antivirus detection, resists removal attempts, and can disable various security features (e.g. Defender, HVCI, BitLocker). The price for a license was $5,000, with rebuilds available for $200. The capabilities of the malware were confirmed in early March by researchers at cybersecurity company ESET, who noted that the malware functioned exactly as advertised.

Microsoft shares guidance to detect BlackLotus UEFI bootkit attacks