Ameet Dhillon

Microsoft Incident Report | CVE-2022-21894

In April 2023, cybersecurity researchers at Microsoft identified a dangerous UEFI bootkit (CVE-2022-21894), dubbed “BlackLotus”. It operates at computer startup, compromising systems and disabling OS security mechanisms.

CVE-2022-40080

A stack overflow vulnerability has been found in the BIOS firmware of Aspire E5-475G laptops, which can allow local attackers to execute arbitrary code and gain escalated privileges during the boot process.

Reference Article
CosmicStrand appears to be the work of an unknown Chinese-speaking threat actor.

Reference Article

The highly targeted attack reveals a new level of sophistication in attacks against UEFI firmware.

ESET discovered a UEFI bootkit they call “ESPecter” which is so named because it targets the EFI System Partition (ESP).

Dell Article | CVE-2021-21574

A buffer overflow vulnerability has been identified in the Dell BIOSConnect feature, which allows users to update their BIOS firmware from the cloud.

Alert (AA20-352A) – US-Cert – CISA

In December 2020, cybersecurity researchers at FireEye discovered and reported a supply chain attack on SolarWinds software.

Trickboot is an extension of the infamous Trickbot (first identified in 2016) malware. Trickbot developers have created a new module that probes for UEFI vulnerabilities, because

Kaspersky Labs discovered a malware framework they dubbed MosaicRegressor which was used in a series of targeted cyberattacks directed against diplomats and members of an NGO from Africa, Asia, and Europe.

On September 27, 2018, security researchers from ESET publicly disclosed the discovery of a UEFI rootkit named “LoJax” that was “found in the wild.”