New ‘Black Lotus’ UEFI Rootkit Provides APT-Level Capabilities to Cybercriminals


By Ionut Arghire on October 17, 2022


A threat actor is selling on underground criminal forums a vendor-independent UEFI rootkit that can disable security software and controls, cybersecurity veteran Scott Scheferman warns.

Dubbed ‘Black Lotus’, the Windows rootkit is a powerful, persistent tool being offered for sale at $5,000, with $200 payments per new version, and featuring capabilities resembling those employed by state-sponsored threat actors.

Written in Assembly and C, Black Lotus is 80 kilobytes in size and features geofencing, to avoid infecting countries in the CIS region.

According to Scheferman, the threat packs evasion capabilities such as anti-virtualization, anti-debugging, and code obfuscation, and can disable security applications and defense mechanisms on target machines, including Hypervisor-protected Code Integrity (HVCI), BitLocker, and Windows Defender.

By loading code before the boot process completes, the rootkit can bypass user access control (UAC) and Secure Boot, it can load unsigned drivers, and can persist undetected in the UEFI firmware of the target machine, supposedly indefinitely.
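As an added illustration that is not taken from the article or from any party it cites, the following PowerShell script reports the state of the four protections the listing claims to disable (Secure Boot, HVCI, BitLocker and Defender) on a Windows 10/11 host, so a baseline can be recorded and any later drift investigated. It assumes an elevated prompt and the in-box SecureBoot, BitLocker and Defender modules.

```powershell
# Defender-side posture check for the controls named in the article.
# Assumption: run as Administrator on Windows 10/11 with the in-box
# SecureBoot, BitLocker and Defender PowerShell modules available.

function Test-Control {
    param([string]$Name, [scriptblock]$Probe)
    try {
        $state = & $Probe
        [pscustomobject]@{ Control = $Name; Enabled = [bool]$state; Note = '' }
    } catch {
        # A probe that throws (legacy BIOS, missing module) is reported, not hidden.
        [pscustomobject]@{ Control = $Name; Enabled = $false; Note = $_.Exception.Message }
    }
}

$results = @(
    # Secure Boot: firmware rejects unsigned boot components when enabled.
    Test-Control 'Secure Boot' { Confirm-SecureBootUEFI }

    # HVCI: value 2 in SecurityServicesRunning means hypervisor-enforced
    # code integrity is actually running, not merely configured.
    Test-Control 'HVCI (memory integrity)' {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName Win32_DeviceGuard
        $dg.SecurityServicesRunning -contains 2
    }

    # BitLocker protection on the system drive.
    Test-Control 'BitLocker (system drive)' {
        (Get-BitLockerVolume -MountPoint $env:SystemDrive).ProtectionStatus -eq 'On'
    }

    # Defender real-time protection.
    Test-Control 'Defender real-time protection' {
        (Get-MpComputerStatus).RealTimeProtectionEnabled
    }
)

$results | Format-Table -AutoSize

# A host that previously reported all four enabled and now reports one off
# deserves a ticket: such drift is one of the few host-visible signals of a
# boot-level implant that tampers with OS protections.
$off = $results | Where-Object { -not $_.Enabled }
if ($off) { Write-Warning ("Disabled controls: " + ($off.Control -join ', ')) }
```

Run it as part of a scheduled inventory job and compare the output against the last known-good baseline rather than reading it once in isolation.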

Black Lotus, Scheferman says, offers a full set of capabilities to attackers, including file transfer and tasking support, and could potentially become a major threat across IT and OT environments.

“Considering this tradecraft was relegated to APTs like the Russian GRU and APT 41 (China nexus), and considering prior criminal discoveries we have made (e.g. Trickbot’s #Trickboot module), this represents a bit of a ‘leap’ forward, in terms of ease of use, scalability, accessibility and most importantly, the potential for much more impact in the forms of persistence, evasion and/or destruction,” Scheferman says.

According to Scheferman, Black Lotus supposedly being able to target a broad range of device types might suggest that its developers are targeting an undocumented bootloader vulnerability impacting many vendors.

Kaspersky too got wind of Black Lotus, pointing out that the rootkit’s advanced capabilities were previously typical of nation-state malware, but are now increasingly accessible to cybercriminals.

Related: Chinese UEFI Rootkit Found on Gigabyte and Asus Motherboards

Related: Avast: New Linux Rootkit and Backdoor Align Perfectly

Related: Sophisticated iLOBleed Rootkit Targets HP Servers
