Last month, the cybercriminals responsible for the ransomware attack on MSI, a Taiwanese PC manufacturer, disclosed the company’s private code signing keys on their hidden online platform.
Alex Matrosov, the founder and CEO of firmware security firm Binarly, confirmed the leak. In a recent tweet, he wrote: “Verified, Intel OEM private key exposed, causing repercussions throughout the entire network.”
“Intel Boot Guard may not be effective on specific devices utilizing the 11th Tiger Lake, 12th Alder Lake, and 13th Raptor Lake,” he added.
More to know
Among the compromised data are the firmware image signing keys associated with 57 PCs and the private signing keys for Intel Boot Guard used in 116 MSI products. The exposure of Boot Guard keys from MSI is expected to impact various device vendors, including Intel, Lenovo, and Supermicro.
This incident follows MSI falling victim to a double extortion ransomware attack conducted by a newly identified ransomware group called Money Message.
In a press release, the company said: MSI recently suffered a cyberattack on part of its information systems. Upon detecting network anomalies, the information department promptly activated relevant defense mechanisms, carried out recovery measures, and reported the incident to government law enforcement agencies and cybersecurity units. The affected systems have gradually resumed normal operations without significantly impacting financial business.
How to be preventive?
In a regulatory filing, MSI stated that “affected systems have gradually resumed normal operations, with no significant impact on financial business.” However, they urged users to exclusively obtain firmware/BIOS updates from their official website and refrain from downloading files from other sources.
The unauthorized disclosure of these keys poses significant risks. Threat actors can use them to sign malicious updates and payloads, seamlessly deploying them on targeted systems without triggering any alarms.
Additionally, MSI issued an advisory urging users to exercise caution regarding fraudulent emails targeting the online gaming community, falsely claiming to be from the company, and proposing potential collaborations.
Final reflection
The recent data breach suffered by MSI and the exposure of their private code signing keys is a stark reminder of the ever-present threat of ransomware attacks. This incident underscores the importance of implementing robust cybersecurity measures, such as regularly updating firmware and BIOS from official manufacturer websites and remaining cautious of fraudulent emails or suspicious communications.
Organizations and individuals alike must stay informed about the latest security threats, deploy adequate defenses, and maintain backup systems to mitigate the impact of potential ransomware attacks.
Be proactive, educated, and vigilant!