MSI Users At Risk Of Rogue BIOS / Firmware Updates!

MSI users are at risk of rogue BIOS / firmware updates, after hackers got hold of its source codes, private keys and BIOS firmware!


MSI Hit By Ransomware Attack + Data Theft!

On 7 April 2023, MSI (Micro-Star International) was hit by a ransomware attack, in which the hackers allegedly exfiltrated 1.5 terabytes of source codes, BIOS firmware, private keys and other data from its servers.

In its terse regulatory filing with the Taiwan Stock Exchange (TWSE), MSI admitted that it was hacked, but did not detail the circumstances or nature of the attack.

After detecting some information systems being attacked by hackers,MSI’s IT department has initiated information security defense mechanism and recovery procedures. The Company also has been reported the anomaly to the relevant government authorities.

MSI claimed that the attack had “[no] significant impact our business in terms of financial and operational currently“, but said that it was “enhancing the information security control measures of its network and infrastructure to ensure data security.

In a public statement, MSI also urged users to only obtain firmware / BIOS updates from its official website, and refrain from using other sources.

Read more : MSI Hit By $4 Million Ransomware Attack + Data Theft!


Stolen Data Exposes MSI Users To Rogue BIOS / Firmware Updates!

The MSI ransomware attack and data theft appear to be committed by the Money Message ransomware gang, which has threatened to release the 1.5 terabytes of critical data that it exfiltrated from MSI servers.

While MSI has apparently restored files encrypted by the ransomware, exposure of the private keys and source codes, will likely allow Money Message or other threat actors to develop rogue BIOS or firmware updates.

Installing rogue BIOS / firmware updates will give the malware the access level of a super-low-level rootkit, giving it full control over your computer, with the ability to spy on almost everything you do. Such malware will also be extremely difficult to detect and remove. After all, it boots up before the operating system!

These days, rogue BIOS or firmware updates are much less of a problem because they are usually digitally-signed by the vendor, MSI in this case. Even if threat actors distribute Trojanised downloads for MSI users, they cannot create the right digital signatures for those files.

However, now that MSI’s private keys have been stolen, they can be used to create rogue BIOS or firmware updates with authentic digital signatures! MSI users downloading and installing those updates will never know the difference.

Recommended : Can Approve New Participant block WhatsApp hackers?!

The biggest risk right now is with PC hardware enthusiasts who enjoy installing unofficial firmware updates to gain access to special settings. That is precisely why MSI is urging its users to only download files from its official website.

Of course, this assumes that the MSI download servers are secure, and have not been compromised. If the threat actors have access to the MSI download servers, they can insert Trojanised downloads with proper signatures, and MSI system administrators may be none the wiser!

Let’s hope that this incident forces MSI to take a much closer look at its cybersecurity measures, and run penetration tests to ensure that its download servers are secure. Otherwise, some threat actors will likely hit pay dirt with MSI users!


Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal :

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.


Recommended Reading

Go Back To > Business | ComputerTech ARP


Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Leave a ReplyCancel reply