Intel OEM Private Key Leak: A Setback for UEFI Secure Boot Security

Threat Actor: Money Message
Victim: MSI
Price: $4 million ransom
Exfiltrated Data Type: Source code

Additional Information:

  • The cyberattack was perpetrated by the ransomware group Money Message.
  • The attack targeted MSI’s internal systems and exfiltrated 1.5TB of data, mainly comprising source code.
  • Ransomware groups typically exfiltrate data before encrypting it to use as leverage against victims.
  • Money Message demanded a $4 million ransom from MSI.
  • Some of the stolen data has already surfaced online, indicating that MSI has not paid the ransom.
  • The Intel OEM private key was leaked as a result of the MSI data breach.
  • The leaked private keys pertain to Intel Boot Guard digital signatures, which ensure that computers only run verified programs before booting.
  • The leaked keys affect Intel’s 11th, 12th, and 13th generation processors and were distributed to various OEMs, including Intel itself, Lenovo, and Supermicro.
  • The leaked Intel Boot Guard BPM/KM keys impact at least 166 MSI products, with the extent of the damage to other products unknown.
  • Previous incidents involving partial key leaks have occurred in relation to Intel Boot Guard private keys.
  • If these private keys have been used in production environments, they could allow attackers to modify firmware boot policies and bypass hardware security measures.
  • Neither MSI nor Intel has issued statements on the matter, leaving the full extent of the private key leaks unclear.
  • The hackers may be gradually releasing data to pressure MSI into paying the ransom, indicating that more data may be disclosed in the future.

In April, MSI fell victim to a cyberattack perpetrated by the ransomware group Money Message, who successfully infiltrated MSI’s internal systems and exfiltrated a staggering 1.5TB of data, predominantly comprising source code.

Nowadays, ransomware typically exfiltrates data before encrypting it, using the stolen information as leverage against victims who are unwilling to pay the ransom or seek to restore their systems from backups. In the absence of ransom payments, the data is then released publicly.

Money Message demanded a $4 million ransom from MSI, and it appears that MSI has not paid, as some of the stolen data has already surfaced online.

The MSI data breach led to the leak of the Intel OEM private key, which could significantly undermine UEFI secure boot security.

It has been confirmed that the Key Manifest (KM) private key provided by Intel to OEMs has been leaked. These keys are used for Intel Boot Guard digital signatures, a processor feature designed to ensure that computers only run verified firmware before booting.

In essence, this concerns UEFI secure boot, a mechanism that validates programs prior to operating system startup to prevent malware from running.

The leaked private keys affect Intel’s 11th, 12th, and 13th generation processors and were distributed to various OEMs, including Intel itself, Lenovo, and Supermicro.

According to security research firm Binarly, the leaked Intel Boot Guard Boot Policy Manifest (BPM) and Key Manifest (KM) keys impact at least 166 MSI products, with the extent of the damage to other products currently unknown.

Instances of leaks involving Intel Boot Guard private keys have occurred previously, with at least two separate incidents last year involving partial key leaks.

Theoretically, if these private keys have been employed in production environments, they could pose significant threats, allowing malefactors to modify firmware boot policies and bypass hardware security measures.
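To make the chain of trust behind that risk concrete, here is an added example (not Intel's, MSI's or Binarly's code) that models how Boot Guard ties a root key hash in platform fuses to a Key Manifest, a Boot Policy Manifest and the initial boot block, and why a leaked KM key can only be inventoried, not revoked. It assumes textbook RSA with tiny fixed primes as a stand-in for the real signatures, constructed dicts in place of the real manifest formats, and a placeholder list of leaked key hashes.

```python
import hashlib

E = 65537  # RSA public exponent shared by all toy keys

def keypair(p, q):
    """Toy RSA keypair from two fixed primes (insecure stand-in for the real Boot Guard keys)."""
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def sign(priv, data: bytes) -> int:
    return pow(int.from_bytes(digest(data), "big") % priv["n"], priv["d"], priv["n"])

def verify(pub, data: bytes, sig: int) -> bool:
    return pow(sig, pub["e"], pub["n"]) == int.from_bytes(digest(data), "big") % pub["n"]

def pubkey_hash(pub) -> bytes:
    """Hash of a public key; for the OEM root key this is the value burned into platform fuses."""
    return digest(f"{pub['n']}:{pub['e']}".encode())

def build_chain(km_priv, km_pub, bpm_priv, bpm_pub, ibb: bytes):
    """Key Manifest: root (KM) key signs the BPM key hash. Boot Policy Manifest: BPM key signs the IBB hash."""
    km = {"pub": km_pub, "bpm_key_hash": pubkey_hash(bpm_pub)}
    km["sig"] = sign(km_priv, km["bpm_key_hash"])
    bpm = {"pub": bpm_pub, "ibb_hash": digest(ibb)}
    bpm["sig"] = sign(bpm_priv, bpm["ibb_hash"])
    return km, bpm

def verify_boot(fused_km_hash: bytes, km, bpm, ibb: bytes) -> bool:
    """The checks the CPU performs before running the IBB: fuses -> KM -> BPM -> IBB."""
    return (pubkey_hash(km["pub"]) == fused_km_hash
            and verify(km["pub"], km["bpm_key_hash"], km["sig"])
            and pubkey_hash(bpm["pub"]) == km["bpm_key_hash"]
            and verify(bpm["pub"], bpm["ibb_hash"], bpm["sig"])
            and digest(ibb) == bpm["ibb_hash"])

# Constructed placeholder: in practice this would be the published list of leaked KM key hashes.
LEAKED_KM_HASHES = {digest(b"placeholder-leaked-km-key")}

def km_key_is_leaked(km, leaked=LEAKED_KM_HASHES) -> bool:
    """Inventory check: fuses cannot be rewritten, so the remedy is knowing which platforms trust a leaked key."""
    return pubkey_hash(km["pub"]) in leaked
```

Because the fused value is a hash of the root key rather than a revocable certificate, a platform that trusts a leaked KM key will accept any manifest chain signed with it; the inventory check is what a fleet owner can actually act on.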

Neither MSI nor Intel has issued statements on the matter, leaving the full extent of the private key leaks unclear. It is possible that the hackers are gradually releasing data to pressure MSI into paying the ransom, which suggests that more data is likely to be disclosed in the future.

Original Source: https://securityonline.info/intel-oem-private-key-leak-a-blow-to-uefi-secure-boot-security/