The news is out that computer maker MSI might have been pwned by a new group called the Money Message ransomware gang. And the gang is looking for a big payday:
Taiwanese PC parts maker MSI (Micro-Star International) has been listed on the extortion portal of a new ransomware gang known as “Money Message,” which claims to have stolen source code from the company’s network.
MSI is a global hardware giant that makes motherboards, graphics cards, desktops, laptops, servers, industrial systems, PC peripherals, and infotainment products, with an annual revenue that surpasses $6.5 billion.
The threat actor has listed MSI on its data leak website and posted screenshots of what they claim to be the hardware vendor’s CTMS and ERP databases and files containing software source code, private keys, and BIOS firmware.
Money Message now threatens to publish all these allegedly stolen documents in about five days unless MSI meets its ransom payment demands.
The gang wants $4 million from MSI, and it isn’t clear if the gang will, or is even able to follow through on its threats. But Kevin Bocek, VP Ecosystem and Community at Venafi had this comment on the news:
“It’s early days, but if these claims are true, this theft could have severe ramifications for MSI. By stealing source code, a group can modify it and create their own variations, eventually helping form the foundation for developing their own ransomware variant and laying the seeds for future attacks.
“But the potential theft of private keys and exposure of machine identities is the biggest issue. Private keys are used to enable the encryption that secures machine identities – authenticating and securing communication between machines. The keys stolen could be code signing TLS machine identities. If so, these would allow the Money Message’s nefarious code to masquerade as MSI’s trusted code, opening the door for further exploitation.”
“If these keys are confirmed to be compromised, it’s essential that MSI acts quickly to understand which systems have been impacted and rotate any impacted keys. A machine identity control plane can play a vital role in achieving this, by helping manage the life cycle of all machines on a network and providing visibility into existing identities.”
I guess we will see in the coming days if this claim is true or not. If it is true, it could have massive ramifications for users of MSI hardware, or perhaps even beyond.
Like this:
Like Loading...
Related
This entry was posted on April 7, 2023 at 8:17 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
MSI Has Possibly Been Pwned By A Ransomware Gang And They Want To Get Paid
The news is out that computer maker MSI might have been pwned by a new group called the Money Message ransomware gang. And the gang is looking for a big payday:
Taiwanese PC parts maker MSI (Micro-Star International) has been listed on the extortion portal of a new ransomware gang known as “Money Message,” which claims to have stolen source code from the company’s network.
MSI is a global hardware giant that makes motherboards, graphics cards, desktops, laptops, servers, industrial systems, PC peripherals, and infotainment products, with an annual revenue that surpasses $6.5 billion.
The threat actor has listed MSI on its data leak website and posted screenshots of what they claim to be the hardware vendor’s CTMS and ERP databases and files containing software source code, private keys, and BIOS firmware.
Money Message now threatens to publish all these allegedly stolen documents in about five days unless MSI meets its ransom payment demands.
The gang wants $4 million from MSI, and it isn’t clear if the gang will, or is even able to follow through on its threats. But Kevin Bocek, VP Ecosystem and Community at Venafi had this comment on the news:
“It’s early days, but if these claims are true, this theft could have severe ramifications for MSI. By stealing source code, a group can modify it and create their own variations, eventually helping form the foundation for developing their own ransomware variant and laying the seeds for future attacks.
“But the potential theft of private keys and exposure of machine identities is the biggest issue. Private keys are used to enable the encryption that secures machine identities – authenticating and securing communication between machines. The keys stolen could be code signing TLS machine identities. If so, these would allow the Money Message’s nefarious code to masquerade as MSI’s trusted code, opening the door for further exploitation.”
“If these keys are confirmed to be compromised, it’s essential that MSI acts quickly to understand which systems have been impacted and rotate any impacted keys. A machine identity control plane can play a vital role in achieving this, by helping manage the life cycle of all machines on a network and providing visibility into existing identities.”
I guess we will see in the coming days if this claim is true or not. If it is true, it could have massive ramifications for users of MSI hardware, or perhaps even beyond.
Share this:
Like this:
Related
This entry was posted on April 7, 2023 at 8:17 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.