
BIOS under attack: hackers increasingly focus on boot threats

Hackers are increasingly targeting pre-operating system environments, such as UEFI and bootloaders, researchers at Eclypsium warn. Recent vulnerabilities allow attackers to bypass any kernel or OS-level protections and remain undetected.


Ernestas Naprys, Senior Journalist
May 26, 2025 (updated May 26, 2025)

How do attackers get in?

  • BlackLotus bootkit exploited a vulnerability in the Windows bootloader (CVE-2022-21894). It was the first in-the-wild bootkit that could bypass Secure Boot.
  • BootHole vulnerability in GRUB2, a bootloader used in many Linux distributions, allowed arbitrary code execution even with Secure Boot enabled, enabling attackers to install persistent bootkits.
  • EFILock ransomware replaced legitimate bootloaders with malicious ones, preventing systems from booting and demanding a ransom for recovery.
  • Other implanted malware, such as LoJax, MosaicRegressor, and TrickBoot, survive OS reinstalls and hardware replacements.
  • Microsoft’s Threat Intelligence team disclosed dozens of vulnerabilities in multiple open-source bootloaders, “Impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot as well as IoT devices.”