The cybercriminals responsible for last month’s ransomware attack on Taiwanese computer manufacturer MSI have now published the company’s private code encryption keys on their dark web portal.
“Confirmed, Intel OEM private key leaked, leading to repercussions across the entire ecosystem,” Alex Matrosov, founder and CEO of firmware security company Binarly, tweeted this past weekend.
“It seems that Intel Boot Guard may not be effective on certain devices based on the 11th Tiger Lake, 12th Alder Lake, and 13th Raptor Lake.”
The leaked information includes firmware image encryption keys connected with 57 PCs and private signing keys for Intel Boot Guard utilized on 116 MSI products. The leaked Boot Guard keys from MSI are suspected to affect numerous device manufacturers, including Intel, Lenovo, and Supermicro.
Intel Boot Guard is a hardware-based security feature designed to safeguard computers from running altered UEFI firmware.
This disclosure comes a month after MSI was targeted by a double extortion ransomware attack carried out by a new cybercrime group named Money Message.
MSI Cyberattack
MSI stated in a regulatory filing at the time, “the affected systems have gradually resumed normal operations, with no significant impact on financial business.” However, it advised users to source firmware/BIOS updates exclusively from its official website and avoid downloads from alternative sources.
The leak of the Intel Boot Guard keys poses substantial threats as it compromises a critical firmware integrity check. This could potentially enable cybercriminals to sign harmful updates and other payloads, deploying them on targeted systems without triggering any warnings.
Additionally, MSI issued another advisory warning users to remain vigilant against deceptive emails targeting the online gaming community, purporting to be from the company with offers of potential collaboration.
This isn’t the first instance of UEFI firmware code becoming public. In October 2022, Intel confirmed the leak of Alder Lake BIOS source code by a third party, which also included the private signing key used for Boot Guard.
Supermicro Products Not Affected
Following the story’s release, Supermicro informed The Hacker News that it had assessed the risks associated with the leaked Intel Boot Guard keys and found its products to be unaffected.
“Based on our current review and investigation, Supermicro products are not affected,” a representative for the San Jose-based firm stated.
“Intel is aware of these reports and actively investigating,” the chipmaker told The Hacker News in a response.
“Researcher claims have surfaced that private signing keys are included in the data, including MSI OEM Signing Keys for Intel Boot Guard. It’s important to clarify that Intel Boot Guard OEM keys are generated by the system manufacturer, and these are not Intel signing keys.”