Money Message gang leaked private code signing keys from MSI data breach

1 year ago 80
BOOK THIS SPACE FOR AD
ARTICLE AD

The ransomware gang behind the attack on Taiwanese PC maker MSI leaked the company’s private code signing keys on their darkweb leak site.

In early April, the ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). Micro-Star International AKA MSI designs, manufactures, and sells motherboards and graphics cards for customers in the United States, Canada, and internationally. MSI is headquartered in Taipei, Taiwan.

The ransomware group added the company to the list of victims on its Tor leak site, it claimed to have stolen the source code from the company, including a framework to develop bios, and private keys.

MSI confirmed the security breach, it revealed that threat actors had access to some of its information service systems.

The Money Message group initially threatened to publish the stolen files by April 12, 2023, if the company will not pay the ransom.

Now the ransomware gang has leaked the company’s private code signing keys on their darkweb leaksite.

MSI data leak

The authenticity of the leaked private key was confirmed by Alex Matrosov, founder of firmware security firm Binarly. The expert warns of the potential impact of such a leak and recommends conducting a careful analysis to determine the scope of the leak.

⛓️Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem. It appears that Intel BootGuard may not be effective on certain devices based on the 11th Tiger Lake, 12th Adler Lake, and 13th Raptor Lake. Our investigation is ongoing, stay tuned for updates. https://t.co/rkxZIpReE8 pic.twitter.com/fLopw1qeSD

— Alex Matrosov (@matrosov) May 5, 2023

This is the case, where it's crucial to analyze the impact accurately without overhyping it. This is only the beginning of the supply chain issues and the related challenges we need to deal with.

Previously we already described the BG pkeys leak impact.https://t.co/bCJstEroii pic.twitter.com/lX7T8fvIsC

— Alex Matrosov (@matrosov) May 7, 2023

The popular cryptographer and security technologist Matthew Green expressed his disappointment at the leak of such sensitive information and criticized the measures taken by the company to protect them.

How do you leak an OEM private key for a trusted boot system. What kind of incompetence leads to that key ever being in a place where it can leak. And if that key can leak, what secret keys aren’t going to leak? https://t.co/6uzDHI0aVQ

— Matthew Green (@matthew_d_green) May 6, 2023

The data leak includes code signing keys associated with tens of PCs and private signing keys for Intel Boot Guard which is used on more than one hundred MSI products.

According to Binarly, the exposed devices include multiple MSI laptop model series, including Stealth, Creator, Crosshair, Katana, Modern, Prestige, Pulse, Raider, Sword, Summit, Vector.

The experts warn of a potential supply chain attack because the Boot Guard keys from MSI are used by many other vendors, including Intel and Lenovo.

The availability of code signing keys can allow threat actors to sign malicious code that can be executed on targeted systems bypassing security measures in place.

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)




Read Entire Article