Hackers have released code signing keys stolen from PC maker MSI in an April break-in, following the company’s refusal to pay a ransom demand.
Early in April, MSI acknowledged an attack, which resulted in the theft of databases, some source code, and BIOS firmware.
At the time, MSI reminded customers to only download firmware or BIOS updates from its official website.
Late last week the attackers, who call themselves Money Message, began releasing data on the dark web, and on May 4, Alex Matrosov of supply chain security company Binarly said in a Twitter post his company had identified “a vast number of private keys that could affect numerous devices”.
Data released included firmware signing keys for 57 products, and Intel BootGuard boot policy manifest and key manifest keys for 166 products.
Binarly has posted the keys to Github, including a list of affected products.
Matrosov noted that Binarly only posted public keys in its Github repo, not the private keys taken by the hackers.
Anyone with the private keys leaked on the dark web can sign malicious BIOS and firmware for the target machines, making them appear as if they’re official versions.
