One-sentence summary:
Intel BootGuard private keys for MSI devices were compromised during the Money Message ransomware gang’s attack on MSI.
Who was involved?
Intel (as a vendor), MSI (Micro-Star International Co., Ltd), and the Money Message ransomware gang.
What was the timeline?
April 5, 2023: Money Message publishes an extortion/ransom countdown timer on its website (Toulas, 2023)
April 7, 2023: MSI publishes a statement on its website about its cyberattack
May 1, 2023: Approximately when Money Message began leaking MSI and Intel data
What occurred?
Intel, as a vendor, was caught up in the Money Message ransomware gang’s data breach of MSI in April 2023 (Abrams, 2023; Fisher, 2023). Intel has clarified that the compromised keys are the Intel BootGuard OEM keys from MSI, not Intel’s central signing keys (Abrams, 2023). Thus, the breach impacts MSI devices with Intel processors from generations 11-13 (Abrams, 2023; Montalbano, 2023). Rogue firmware updates could potentially be digitally signed with the compromised keys and installed on victim machines to maintain indefinite persistence, which is why MSI is advising users to obtain only official firmware updates (Montalbano, 2023; MSI, 2023).
Estimated costs:
Incident response costs, potential business continuity response to the leaks to preserve BootGuard integrity
Involved laws:
TBA or N/A (see disclaimer)
Root cause:
TBA or N/A (see disclaimer)
Lessons learned:
TBA or N/A (see disclaimer)
Sources:
Abrams, L. (2023, May 9). Intel investigating leak of Intel Boot Guard private keys after MSI breach. BleepingComputer. https://www.bleepingcomputer.com/news/security/intel-investigating-leak-of-intel-boot-guard-private-keys-after-msi-breach/
Fisher, D. (2023, May 9). Intel BootGuard, Firmware Signing Keys Found in MSI Data Leak. Decipher. Retrieved May 15, 2023, from https://duo.com/decipher/intel-bootguard-firmware-signing-keys-found-in-msi-data-leak
Montalbano, E. (2023, May 10). Leak of Intel Boot Guard Keys Could Have Security Repercussions for Years. Dark Reading. https://www.darkreading.com/attacks-breaches/leak-of-intel-boot-guard-keys-could-have-security-repercussions-for-years
MSI. (n.d.). msi-dragon-logo-wallpaper-preview.jpg. wallpaperflare.com. https://www.wallpaperflare.com/static/179/258/486/msi-dragon-logo-wallpaper-preview.jpg
MSI. (2023, April 7). MSI Global – The Leading Brand in High-end Gaming & Professional Creation. MSI Statement. Retrieved May 15, 2023, from https://www.msi.com/news/detail/MSI-Statement-141688
Toulas, B. (2023, April 6). Money Message ransomware gang claims MSI breach, demands $4 million. BleepingComputer. https://www.bleepingcomputer.com/news/security/money-message-ransomware-gang-claims-msi-breach-demands-4-million/