Back in April, MSI became the victim of a ransomware attack but said that the security breach of its servers was of no significant impact on its finances or operations. It appears that the Taiwanese brand had been less than truthful because some rather important data stolen from the breach has made its way onto the Dark Web.
One cybersecurity researcher, Alex Matrosov, discovered that Intel’s BootGuard private keys, which were stolen from the MSI ransomware attack, had already been leaked online, and posted his finding on Twitter. “Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem,” Mastrosov tweeted.
⛓️Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem. It appears that Intel BootGuard may not be effective on certain devices based on the 11th Tiger Lake, 12th Adler Lake, and 13th Raptor Lake. Our investigation is ongoing, stay tuned for updates. https://t.co/rkxZIpReE8 pic.twitter.com/fLopw1qeSD
— Alex Matrosov (@matrosov) May 5, 2023
“The data has now been made public, revealing a vast number of private keys that could affect numerous devices,” he further tweeted. “FW Image Signing Keys: 57 products; Intel BootGuard BPM/KM Keys: 166 products”. For context, Intel Boot Guard is a hardware-based security technology that is designed to protect a system against executing tampered UEFI firmware. Seeing how they are available on the Dark Web, it has been speculated that the “released” Boot Guard keys have already been tampered with by the hacker, although to what extent is left to be determined. Matrosov suggests that the Dark Web-available keys may not be effective on MSI devices using Intel 11th Gen, 12th Gen, and 13th Gen systems.
As for MSI’s case, the company became the victim of a new ransomware gang, known as Money Message. Initial reports say that in MSI’s negotiation with Money Message, the hackers demanded that MSI give the body US$4 million (~RM17.76 million), in exchange for the approximately 1.5TB of data it had stolen from the Taiwanese brand. As it usually goes with blackmail and hostage situations, the threat actors then said that it would release the stolen files, should the demands fail to be met.
(Source: Hacker News, TechRadar)
Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news.