Last week, a report began circulating that MSI had been the victim of a cyberattack. The company was reportedly targeted by a group of cybercriminals named Money Message, which claims to be behind the attack.
Private keys used to encrypt machine identities could be in the hands of this group. At the moment, little information is given on the extent of the cyberattack. MSI simply acknowledges the attack and invites users to download its software only from its official website.
« Some MSI information systems were attacked by hackers a few days ago.” “An appropriate defense mechanism was activated after detecting a network anomaly. Currently affected, the system has gradually resumed normal operation and there is no major impact on financial activity she says.
If MSI did not dwell on the details of this cyberattack, others were more talkative. According Bleeping Computer, a news website that was able to access chat exchanges between the cybergang and employees of the Taiwanese giant, a ransom of $4 million was demanded. Moreover, Money Message threatens to expose everything online if he is not granted what he asks for within 5 days.
According to these exchanges, the hackers claim to have obtained various sensitive information from MSI, in particular CTMS and ERP data, as well as files containing the source code of its software, but also private keys as well as the BIOS of the brand.
“Tell your manager that we have the source code for MSI, including the development framework for the BIOSes, and that we have the private keys to sign any custom modules of these BIOSes and install them. “, would have indicated via message interposed a representative of Money Message to an employee of MSI.
Does this attack represent a great danger?
If the statements of this cybergang are true, the disclosure of these documents on the net could put the MSI company in danger, as well as the many customers who use the brand’s products and software.
According to Kevin Bocek, VP Ecosystem and Community at Venafi, this is a terrible scenario that could end up stalking millions of potential victims.
« The potential theft of private keys and exposure of machine identities is the biggest problem. Private keys are used to enable encryption that secures machine identities – authenticating and securing communication between machines. The stolen keys could be TLS identities. If so, this would allow malicious code from Money Message to masquerade as trusted code from MSI, opening the door for further exploitation. “, he says.
MSI is no exception when it comes to ransomware attacks. These have indeed affected several other companies such as NVIDIA, AMD and Microsoft. Fortunately, most of these attacks were unsuccessful and did not have a significant impact on these companies. It remains to know the end of the attack suffered by the Taiwanese giant.
