Data breach alert: Intel confronts massive security incident
MSI lost up to 1.5TB of sensitive data due to a security compromise, but it is not the only company facing issues. Because of the MSI data breach back in March, Intel is also in danger due to a leak of Intel Boot Guard keys.
The Money Message gang attacked MSI around two months ago and stole sensitive information, including the firmware source code of MSI motherboards. The incident also affected other companies, including Intel, as the company detected a leak of Boot Guard keys. We still don't know the exact extent of the leak, but it could lead to major issues, as the feature might now be useless on many devices.
According to Alex Matrosov, CEO of the security platform Binarly, the stolen data may have included highly sensitive material, including Intel Boot Guard private keys for 116 MSI products and FW Image Signing keys for 57 products. Binarly also tweeted that the data breach has affected multiple technology companies, including Intel, Lenovo, Supermicro, and a couple more. Matrosov also added that Boot Guard might not work properly on some of Intel's popular processors, including Tiger Lake, Alder Lake, and Raptor Lake chips running on MSI-based devices.
Digging deeper into the aftermath of the @msiUSA data breach and its impact on the industry.
Leaked Intel BootGuard keys from MSI are affecting many different device vendors, including @Intel, @Lenovo, @Supermicro_SMCI, and many others industry-wide.
#FwHunt is on! https://t.co/NuPIUJQUgr pic.twitter.com/ZB8XKj33Hv
— BINARLY (@binarly_io) May 5, 2023
“Intel is aware of these reports and actively investigating. There have been researcher claims that private signing keys are included in the data, including MSI OEM Signing Keys for Intel BootGuard. It should be noted that Intel BootGuard OEM keys are generated by the system manufacturer, and these are not Intel signing keys,” a spokesperson at Intel said in a statement to Bleeping Computer.
How did the Intel data breach start?
It all goes back to the cyberattack that targeted MSI back in March. A group of hackers breached the company and stole up to 1.5TB of sensitive data. The group demanded $4 million from MSI in exchange for not leaking anything to the public, which MSI refused to pay. As a result, the hackers started leaking the firmware source code of MSI's motherboards.
The breach has now become Intel's problem as well. Intel Boot Guard prevents malicious software from being loaded on Intel devices. If threat actors obtain these keys, they may be able to construct strong malware capable of bypassing Intel's safety features.
MSI in my experience dealing with that company makes me cringe. Not at all surprised they were targeted and hacked.
Just establish an upload external speed of 1Kb/s and it’s done!
So, why weren’t these private keys stored on an air-gapped system?