Official forum for Utopia Community
You are not logged in.
The private code signing keys for Taiwanese PC manufacturer MSI were exposed on a dark website by the threat actors who launched the ransomware attack on the company last month.
Alex Matrosov, founder and CEO of firmware security company Binarly, tweeted over the weekend, "Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem.".
"It appears that some devices based on the 11th Tiger Lake, 12th Adler Lake, and 13th Raptor Lake may not be protected by Intel Boot Guard. ".
Firmware image signing keys for 57 PCs and private signing keys for Intel Boot Guard used on 116 MSI products can both be found in the leaked data. Several device manufacturers, including Intel, Lenovo, and Supermicro, are thought to be impacted by the MSI Boot Guard keys.
A hardware-based security technology called Intel Boot Guard is intended to prevent computers from running tampered UEFI firmware. The change occurs a month after MSI was the target of a double extortion ransomware attack launched by a brand-new ransomware gang known as Money Message.
At the time, according to MSI's regulatory filing, "the affected systems have gradually resumed normal operations, with no noticeable impact on financial business. However, it advised users to avoid downloading files from unofficial websites and to only get firmware and BIOS updates from the company's official website.
Significant risks arise from the keys' leak because threat actors could use them to sign malicious updates and other payloads and then deploy them on targeted systems without triggering any alarms.
It also comes after another warning from MSI advising users to watch out for scam emails that target the online gaming community and falsely identify themselves as coming from the business under the guise of a potential partnership.
The public has previously had access to UEFI firmware code. The leak of the private signing key used for Boot Guard as well as the Alder Lake BIOS source code by a third party was acknowledged by Intel in October 2022.
Offline