Private Keys From MSI Data Heist Leaked by Ransomware Group
The recent cyberattack on Taiwanese PC maker Micro-Star International (MSI) has resulted in a crucial data leak, including what are alleged to be Intel BootGuard private keys.
The leaked data contains firmware images as well as Intel BootGuard private signing keys, which will affect 166 MSI products, claims Alex Matrosov, founder and CEO of Binarly Inc. He further claims that the OEM data leak will impact Intel’s entire ecosystem, as companies such as Lenovo, Supermicro and HP, among others, depend on Intel’s BootGuard security technology for their products.
Intel’s BootGuard is a hardware-based security technology that protects the system by blocking the installation of potentially malicious software, for example, tampered UEFI/BIOS firmware. If threat actors obtain a device’s private BootGuard key, they could easily tamper with the firmware code and access sensitive information.
The group responsible for the attack is a recently established ransomware gang named Money Message that was first noticed in March 2023. They target mainly Windows and Linux operating systems and claim to exfiltrate the victim’s data before encrypting it. They then threaten to publish it online on their dark leak site if the ransom is not paid within the specified time.
The group used this method against MSI, and the data leak resulted from MSI’s refusal to pay the ransom of $4 million. Following the attack, MSI disclosed that normal operations had gradually resumed with no significant impact on financial business. The company also urged users to install firmware/BIOS updates only from its official website, and not to use files from third-party sources.
Furthermore, following last week’s data leak story, Intel has stated that it is investigating the leak associated with its BootGuard OEM signing keys. It also stated that “Intel BootGuard OEM keys are generated by the system manufacturer and are not Intel signing keys.”
“Based on our current review and investigation, Supermicro products are not affected,” according to the statement released by Supermicro.