Micro-Star International (MSI) announced it was hacked by the ransomware group Money Message on April 7. The computer and hardware retailer quickly advised its customers to only download firmware/BIOS updates from the official MSI website. Money Message claimed to obtain some of MSI’s source code and demanded a ransom of $4 million for its return.
The malware actor has now confirmed MSI did not pay the ransom and started publishing stolen code. Binarly sifted through the source code and found signing keys for firmware images used on 57 MSI products. The cybersecurity company also identified Intel Boot Guard private signing keys found in 116 MSI products. OEM Key Manifest and Boot Policy Manifest keys can be used to pass malicious firmware images through Intel Boot Guard’s verification. MSI is concerned that hostile actors will use these keys to install harmful updates or malware payloads in vulnerable products.
Read More:
