Pierluigi Paganini
May 08, 2023
In early April, the ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). Micro-Star International AKA MSI designs, manufactures, and sells motherboards and graphics cards for customers in the United States, Canada, and internationally. MSI is headquartered in Taipei, Taiwan.
The ransomware group added the company to the list of victims on its Tor leak site, it claimed to have stolen the source code from the company, including a framework to develop bios, and private keys.
MSI confirmed the security breach, it revealed that threat actors had access to some of its information service systems.
The Money Message group initially threatened to publish the stolen files by April 12, 2023, if the company will not pay the ransom.
Now the ransomware gang has leaked the company’s private code signing keys on their darkweb leaksite.
The authenticity of the leaked private key was confirmed by Alex Matrosov, founder of firmware security firm Binarly. The expert warns of the potential impact of such a leak and recommends conducting a careful analysis to determine the scope of the leak.
⛓️Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem. It appears that Intel BootGuard may not be effective on certain devices based on the 11th Tiger Lake, 12th Adler Lake, and 13th Raptor Lake. Our investigation is ongoing, stay tuned for updates. https://t.co/rkxZIpReE8 pic.twitter.com/fLopw1qeSD
— Alex Matrosov (@matrosov) May 5, 2023
This is the case, where it's crucial to analyze the impact accurately without overhyping it. This is only the beginning of the supply chain issues and the related challenges we need to deal with.
— Alex Matrosov (@matrosov) May 7, 2023
Previously we already described the BG pkeys leak impact.https://t.co/bCJstEroii pic.twitter.com/lX7T8fvIsC
The popular cryptographer and security technologist Matthew Green expressed his disappointment at the leak of such sensitive information and criticized the measures taken by the company to protect them.
How do you leak an OEM private key for a trusted boot system. What kind of incompetence leads to that key ever being in a place where it can leak. And if that key can leak, what secret keys aren’t going to leak? https://t.co/6uzDHI0aVQ
— Matthew Green (@matthew_d_green) May 6, 2023
The data leak includes code signing keys associated with tens of PCs and private signing keys for Intel Boot Guard which is used on more than one hundred MSI products.
According to Binarly, the exposed devices include multiple MSI laptop model series, including Stealth, Creator, Crosshair, Katana, Modern, Prestige, Pulse, Raider, Sword, Summit, Vector.
The experts warn of a potential supply chain attack because the Boot Guard keys from MSI are used by many other vendors, including Intel and Lenovo.
The availability of code signing keys can allow threat actors to sign malicious code that can be executed on targeted systems bypassing security measures in place.
We are in the final!
Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini
Please nominate Security Affairs as your favorite blog.
Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
