1.5 TB of confidential files, including Intel Boot Guard private keys, leaked after hack of MSI

In April 2023, PC maker MSI was attacked by the cyberattack group Money Message. Because the ransom was not paid, the files stolen by Money Message were posted on a public server. In addition to the private keys for MSI's firmware, the files include private keys for Intel Boot Guard, and experts point out that the leak affects the entire ecosystem.

Hackers Leak Private Keys for MSI Products, Making It Easier to Attack Them | PCMag

MSI Breach Leaks Intel BootGuard & OEM Image Signing Keys, Compromises Security of Over 200 Devices & Major Vendors


Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security


In April 2023, MSI was attacked by Money Message. Although MSI immediately announced the attack, it did not disclose what kind of attack it was.

MSI announces cyber attack damage, official warns about firmware and BIOS updates - GIGAZINE

After this, Money Message demanded a ransom of $4 million (about 540 million yen) from MSI, but MSI refused to pay. Money Message therefore posted the stolen files on a public server.

The exposed files were analyzed by cybersecurity firm Binarly and contained signing keys for the firmware images of 57 MSI products. Misuse of these keys can allow a malicious firmware update to be disguised as a genuine MSI update. Binarly CEO Alex Matrosov also points out that the keys could be used for a second-stage payload after a phishing attack.

Binarly has published a list of affected devices on GitHub.

SupplyChainAttacks/ImpactedDevices.md at main · binarly-io/SupplyChainAttacks · GitHub

In addition, Intel Boot Guard keys for 116 MSI products are known to have been included. It has been pointed out that the leak of Intel Boot Guard keys affects not only MSI but also Intel, Lenovo, Supermicro, and others.

in Security, Posted by logc_nt