MSI's Private Code Signing Keys Leaked on Dark Web.
Originally Published 2 years ago — by The Hacker News
Private code signing keys of Taiwanese PC maker MSI have been leaked on the dark web by the threat actors behind the ransomware attack on the company last month. The leaked data includes firmware image signing keys associated with 57 PCs and private signing keys for Intel Boot Guard used on 116 MSI products, which could impact several device vendors, including Intel, Lenovo, and Supermicro. The leak poses significant risks as threat actors could use them to sign malicious updates and other payloads and deploy them on targeted systems without raising any red flags.