cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

MSI hack gets worse as private code signing keys leaked by hackers

After suffering a ransomware attack last month, PC company MSI refused to pay the demanded ransom — and now the hackers have begun to retaliate by leaking private code signing keys that affect a raft of its PC hardware.

user icon David Hollingworth
Tue, 09 May 2023
MSI hack gets worse as private code signing keys leaked by hackers
expand image

The Money Message ransomware gang demanded US$4 million from MSI, which was clearly not forthcoming. Money Message said it would begin leaking data if the ransom was not paid within six days, and it seems the group is sticking to its word.

“Say [to] your manager, that we have MSI source code, including framework to develop bios, also we have private keys able to sign in any custom module of those BIOS and install it on PC with this bios,” a Money Message representative told MSI during negotiations.

Analysis of the leaked data by supply chain security company Binarly revealed firmware image signing keys for 57 products and Intel Boot Guard BPM/KM Keys for another 166 products. The leak affects more than just MSI hardware, too.


“Digging deeper into the aftermath of the @msiUSA data breach and its impact on the industry,” Binary said via a Twitter post. “Leaked Intel BootGuard keys from MSI are affecting many different device vendors, including @Intel, @Lenovo, @Supermicro_SMCI, and many others industry-wide.”

One security researcher has quipped that there is only one solution to such a breach — burn it all.

“This is huge, private part of keys that are the root of trust for the entire boot process are compromised forever, because they are burnt into the ACM hardware and thus they cannot be replaced,” said security specialist Francisco Falcon on Twitter.

“Proposed action: burn your computers to the ground.”

The leaked keys could, in theory, allow malicious actors to sign compromised firmware updates that can bypass Intel Boot Guard’s verification system.

MSI has not yet commented on the leak nor on what steps it is taking to mitigate the incident. Cyber Security Connect has reached out to the company for comment.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.