Private Keys From MSI Data Heist Leaked by Ransomware Group

  • Written by Ari Denial Cybersecurity & Tech Writer

The recent cyberattack on Taiwanese PC maker Micro-Star International (MSI) has resulted in a leak of crucial data, allegedly including Intel’s BootGuard private keys.

The leaked data contains firmware images as well as Intel’s BootGuard private signing keys, which will affect 166 MSI products, claims Alex Matrosov, founder and CEO of Binarly Inc. He further claims that the OEM data leak will impact Intel’s entire ecosystem, as companies like Lenovo, Supermicro, and HP, among others, depend on Intel’s BootGuard security technology for their products.

Intel’s BootGuard is a hardware-based security technology that protects the system by blocking the installation of potentially malicious software, such as tampered UEFI/BIOS firmware. If threat actors have access to a device’s private BootGuard key, they could easily tamper with the firmware code and access sensitive information.

The group responsible for the attack is a recently established ransomware gang named Money Message that was first noticed in March 2023. They mainly target Windows and Linux operating systems and claim to exfiltrate the victim’s data before encrypting it. They then threaten to publish it online on their dark leak site if the ransom is not paid within the specified time.

They used this method of attack against MSI, and the data leak was a result of MSI’s refusal to pay the ransom of $4 million. Following the attack, MSI disclosed that normal operations had gradually resumed with no significant impact on financial business. The company also urged users to install firmware/BIOS updates only from its official website, and not files from third-party sources.

Furthermore, following last week’s data leak story, Intel has stated that it is investigating the leak associated with its BootGuard OEM signing keys. It has also stated that “Intel BootGuard OEM keys are generated by the system manufacturer and are not Intel signing keys.”

“Based on our current review and investigation, Supermicro products are not affected,” according to the statement released by Supermicro.

Seoul’s Premier Hospital Falls Victim to North Korean Hackers, Losing Data of 830K People

  • Written by Ari Denial Cybersecurity & Tech Writer

According to the Korean National Police Agency (KNPA), Seoul National University Hospital (SNUH) fell victim to a cyberattack orchestrated by North Korean hackers. The incident took place between May and June of 2021 and targeted patients’ personal information and medical records.

Law enforcement has been diligently investigating the case, and based on various pieces of evidence, they have attributed the attack to North Korean threat actors. Intrusion techniques, IP addresses linked to North Korea, website registration details, and linguistic patterns utilized in the attacks all contributed to the conclusion reached by authorities.

According to South Korean media, speculation points to the Kimsuky hacking organization as the potential culprit behind the incident. However, the police report refrains from naming any specific threat actors involved. The attack on the hospital’s internal network originated from seven servers located in South Korea and other countries.

Authorities have disclosed that a staggering 831,000 individuals had their personal information compromised as a result of the incident, with the majority being patients. Among the affected individuals, approximately 17,000 are either current or former employees of various hospitals.

In a news release, the Korean National Police Agency (KNPA) issued a warning stating that North Korean hackers could potentially target critical infrastructure across multiple sectors. The importance of implementing robust security measures such as regular patching, stringent user access management, and data encryption was strongly emphasized.

The Korean National Police Agency (KNPA) has issued a warning about safeguarding South Korea’s cyber infrastructure against state-backed cyber-attacks by enhancing information sharing and collaboration with relevant authorities. North Korean hackers have been linked to previous attacks on hospital networks to steal patient information and demand ransom payments.