Money Message gang leaked private code signing keys from MSI data breach

The ransomware gang behind the attack on Taiwanese PC maker MSI leaked the company’s private code signing keys on their darkweb leak site.

In early April, the ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). Micro-Star International AKA MSI designs, manufactures, and sells motherboards and graphics cards for customers in the United States, Canada, and internationally. MSI is headquartered in Taipei, Taiwan.

The ransomware group added the company to the list of victims on its Tor leak site, it claimed to have stolen the source code from the company, including a framework to develop bios, and private keys.

MSI confirmed the security breach, it revealed that threat actors had access to some of its information service systems.

The Money Message group initially threatened to publish the stolen files by April 12, 2023, if the company will not pay the ransom.

Now the ransomware gang has leaked the company’s private code signing keys on their darkweb leaksite.

The authenticity of the leaked private key was confirmed by Alex Matrosov, founder of firmware security firm Binarly. The expert warns of the potential impact of such a leak and recommends conducting a careful analysis to determine the scope of the leak.

The popular cryptographer and security technologist Matthew Green expressed his disappointment at the leak of such sensitive information and criticized the measures taken by the company to protect them.

The data leak includes code signing keys associated with tens of PCs and private signing keys for Intel Boot Guard which is used on more than one hundred MSI products.

According to Binarly, the exposed devices include multiple MSI laptop model series, including Stealth, Creator, Crosshair, Katana, Modern, Prestige, Pulse, Raider, Sword, Summit, Vector.

The experts warn of a potential supply chain attack because the Boot Guard keys from MSI are used by many other vendors, including Intel and Lenovo.

The availability of code signing keys can allow threat actors to sign malicious code that can be executed on targeted systems bypassing security measures in place.

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.