MSI Ransomware Attack Takes a New Turn with Leaked Code Signing Keys on Dark Web


Recently, the cybercriminals behind the ransomware attack on Taiwanese computer hardware maker MSI leaked the company's private code signing keys on the Dark Web. The leaked data includes firmware image signing keys for 57 PCs and private signing keys for Intel Boot Guard used on 116 MSI products. According to cybersecurity experts, the Boot Guard keys from MSI could impact several device vendors, including Intel, Lenovo, and Supermicro.

Intel Boot Guard is a hardware-based security technology designed to protect computers from executing tampered UEFI firmware. The leak of the keys poses significant risks, as hackers could use them to sign malicious updates and other payloads and deploy them on targeted systems without raising any red flags.

The leak of MSI's private code signing keys is a significant development that could have far-reaching consequences for the tech industry. The impact could be felt across the ecosystem, from individual users to large enterprises. The leaked keys could be used to sign malware with MSI's digital signature, bypassing security measures put in place to detect and prevent malicious software. This could potentially lead to widespread malware infections, data breaches, and other cyber attacks that could affect millions of users worldwide.

It is important for companies to take cybersecurity seriously and implement robust security measures to protect their assets, including code signing keys. Users are advised to obtain firmware/BIOS updates only from official websites and refrain from downloading files from other sources. It is also crucial for companies to collaborate and share information to prevent and mitigate cyber attacks.

This is not the first time that UEFI firmware code has entered the public domain. In October 2022, Intel acknowledged the leak of Alder Lake BIOS source code by a third party, which also included the private signing key used for Boot Guard. The recent leak of MSI's private code signing keys serves as another stark reminder of the importance of cybersecurity and the need for companies to take proactive steps to protect their assets and prevent cyber attacks.

Post a Comment (0)
Previous Post Next Post