MSI PC maker signing keys found on the dark web

Alert! MSI PC maker signing keys found on the dark web

2 Mins Read

PUREVPNNewsAlert! MSI PC maker signing keys found on the dark web

Last month, the cybercriminals responsible for the ransomware attack on MSI, a Taiwanese PC manufacturer, disclosed the company’s private code signing keys on their hidden online platform.

Alex Matrosov, the founder and CEO of firmware security firm Binarly, confirmed the leak. In a recent tweet, “Verified, Intel OEM private key exposed, causing repercussions throughout the entire network.”

“Intel Boot Guard may not be effective on specific devices utilizing the 11th Tiger Lake, 12th Adler Lake, and 13th Raptor Lake,” he added.

More to know

Among the compromised data is the firmware image signing keys associated with 

  • 57 PCs and the private signing keys for Intel Boot Guard used in 116 MSI products. The exposure of Boot Guard keys from MSI is expected to impact various device vendors, including Intel, Lenovo, and Supermicro.

This incident follows MSI’s fall victimization to a double extortion ransomware attack conducted by a newly identified ransomware group called Money Message.

In a press release, the company said: MSI recently suffered a cyberattack on the part of its information systems. Upon detecting network anomalies, the information department promptly activated relevant defense mechanisms, carried out recovery measures, and reported the incident to government law enforcement agencies and cybersecurity units. The affected systems have gradually resumed normal operations without significantly impacting financial business.

How to be preventive?

In a regulatory filing, MSI stated that “affected systems have gradually resumed normal operations, with no significant impact on financial business.” However, they urged users to exclusively obtain firmware/BIOS updates from their official website and refrain from downloading files from other sources.

The unauthorized disclosure of these keys poses significant risks. Threat actors can use them to sign malicious updates and payloads, seamlessly deploying them on targeted systems without triggering any alarms.

Additionally, MSI issued an advisory urging users to exercise caution regarding fraudulent emails targeting the online gaming community, falsely claiming to be from the company, and proposing potential collaborations.

Final reflection

The recent data breach suffered by MSI and the exposure of their private code signing keys is a stark reminder of the ever-present threat of ransomware attacks. This incident underscores the importance of implementing robust cybersecurity measures, such as regularly updating firmware and BIOS from official manufacturer websites and remaining cautious of fraudulent emails or suspicious communications. 

Organizations and individuals alike must stay informed about the latest security threats, deploy adequate defenses, and maintain backup systems to mitigate the impact of potential ransomware attacks.

Be proactive, educated, and vigilant!! 

author

PureVPN

date

May 9, 2023

time

1 year ago

PureVPN is a leading VPN service provider that excels in providing easy solutions for online privacy and security. With 6000+ servers in 65+ countries, It helps consumers and businesses in keeping their online identity secured.

Related Stories

Phorpiex Botnet Sends Millions of Emails in LockBit Black Ransomware Attack

Phorpiex Botnet Sends Millions of Emails in LockBit Black Ransomware Attack
Posted on May 14, 2024
South Australia Wants to Ban Social Media for Kids, Soaring VPN Searches

South Australia Wants to Ban Social Media for Kids, Soaring VPN Searches
Posted on May 14, 2024
The Rise of Malvertising Attacks by FIN7

The Rise of Malvertising Attacks by FIN7
Posted on May 13, 2024

Have Your Say!!

Join 3 million+ users to embrace internet freedom

Signup for PureVPN to get complete online security and privacy with a hidden IP address and encrypted internet traffic.

Get PureVPN