One cybersecurity researcher, Alex Matrosov, discovered that Intel’s BootGuard private keys, which were stolen from the MSI ransomware attack, had already been leaked online, and posted his finding on Twitter. “Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem,” Mastrosov tweeted.
— Alex Matrosov (@matrosov) May 5, 2023 “The data has now been made public, revealing a vast number of private keys that could affect numerous devices,” he further tweeted. “FW Image Signing Keys: 57 products; Intel BootGuard BPM/KM Keys: 166 products”. For context, Intel Boot Guard is a hardware-based security technology that is designed to protect a system against executing tampered UEFI firmware. Seeing how they are available on the Dark Web, it has been speculated that the “released” Boot Guard keys have already been tampered with by the hacker, although to what extent is left to be determined. Matrosov suggests that the Dark Web-available keys may not be effective on MSI devices using Intel 11th Gen, 12th Gen, and 13th Gen systems. As for MSI’s case, the company became the victim of a new ransomware gang, known as Money Message. Initial reports say that in MSI’s negotiation with Money Message, the hackers demanded that MSI give the body US$4 million (~RM17.76 million), in exchange for the approximately 1.5TB of data it had stolen from the Taiwanese brand. As it usually goes with blackmail and hostage situations, the threat actors then said that it would release the stolen files, should the demands fail to be met. (Source: Hacker News, TechRadar)
