Contrary to the company’s claims that there was no significant damage to the business, MSI’s April 2023 ransomware attack that resulted in a data breach has likely leaked Intel’s private signing keys and boot guard, according to a cybersecurity researcher who sifted through the leaked data.
On May 4, 2023, Alex Matrosov CEO of Binarly tweeted that the data has been made public and revealed a vast number of private keys were leaked in the data breach which could affect many devices. Leaked FW signing keys affect 57 products and the leaked Intel BootGuard BPM/KM keys affect 166 products of the company.
Matrosov also explained that the MSI data breach can have a significant impact on the industry, the leaked Intel BootGuard keys leaked in the MSI data breach are affecting many different device vendors, including Intel, Supermicroz, Lenovo and many others.
He also explained that the Intel BootGuard leaked keys might not be effective on the devices based on 11th Tiger Lake, 12th Adler Lake and 13th Raptor Lake.
Intel BootGurad functions as a safeguard that operates in a similar manner to Secure Boot. However, its distinctive feature is that it necessitates an Authenticated Code Module that Intel must sign using cryptographic means. Its purpose, as defined by ServeTheHome, is to provide protection against system tampering. The leaked keys could mean that perpetrators may sign in to systems, thereby acquiring access to a system that was deemed secure.
The ransomware attack on MSI has had a substantial impact on their business. While it remains unclear whether the leaked keys are genuine, cybersecurity specialists are investigating the matter. This occurrence should serve as a wake-up call to businesses to enhance their cybersecurity measures and safeguard their systems against ransomware attacks.
Also read: Google to redo its search engine with Magi