1.5 TB of confidential files, including an Intel Boot Guard private key, leaked after hack of MSI
In April 2023, PC maker MSI was attacked by the cyber attack group Money Message, and because the ransom was not paid, the files stolen by Money Message were posted on a public server. In addition to the private key for MSI's firmware, the files include the private key for Intel Boot Guard, and experts point out that this affects the entire ecosystem.
Hackers Leak Private Keys for MSI Products, Making It Easier to Attack Them | PCMag
MSI Breach Leaks Intel BootGuard & OEM Image Signing Keys, Compromises Security of Over 200 Devices & Major Vendors
Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security
MSI announces cyber attack damage, official warns about firmware and BIOS updates - GIGAZINE
In April 2023, MSI was attacked by Money Message. Although MSI immediately announced the attack, it did not say what kind of attack it was.
After this, Money Message demanded a ransom of $4 million (about 540 million yen) from MSI, but MSI refused to pay. Money Message therefore posted the stolen files on a public server.
The exposed files were analyzed by cybersecurity firm Binarly and contained signing keys for the firmware images of 57 MSI products. Misuse of these keys can result in a malicious firmware update disguised as an official MSI update. Binarly CEO Alex Matrosov also points out that the key may be used as a second-stage payload after a phishing attack.
Binarly publishes the list of affected devices on GitHub.
SupplyChainAttacks/ImpactedDevices.md at main · binarly-io/SupplyChainAttacks · GitHub
In addition, Intel Boot Guard keys for 116 MSI products are known to have been included. It has been pointed out that the leakage of Intel Boot Guard keys affects not only MSI but also Intel, Lenovo, Supermicro, etc.
⛓️Digging deeper into the aftermath of the @msiUSA data breach and its impact on the industry.
Leaked Intel BootGuard keys from MSI are affecting many different device vendors, including @Intel, @Lenovo, @Supermicro_SMCI, and many others industry-wide.
#FwHunt is on! https://t.co/NuPIUJQUgr pic.twitter.com/ZB8XKj33Hv
— BINARLY (@binarly_io) May 5, 2023
in Security, Posted by logc_nt