April 11, 2023

MSI has warned its customers to be careful when updating firmware or BIOS for their MSI-brand motherboards, GPUs, notebooks, PCs, and other devices. The warning comes after the company suffered a cyberattack, the extent of which is unknown.

In a statement, the company urged users to obtain firmware and BIOS updates only from its official website and to avoid using files from other sources.

The reason behind the warning is reportedly related to the types of data that were allegedly stolen during the attack. A group of hackers known as Money Message claimed to have screenshots of MSI’s CTMS and ERP databases, source code, private keys, and BIOS firmware. This information could be used to create malicious firmware clones that could trick users into installing them.

According to the hackers, they have all the tools necessary to develop potentially malicious BIOS and then digitally sign it so that it appears legitimate and can be installed on victims’ PCs once they’re lured into downloading it. MSI customers are advised to avoid installing any firmware that turns out to be malware and stick to official updates.

The group has threatened to release this data, allegedly totaling 1.5TB, unless MSI pays a $4 million ransom within the next few days. In its statement, MSI did not address the extent of the security breach or what was stolen, stating only that it “detected network anomalies,” and its IT department “activated relevant defense mechanisms and carried out recovery measures.”

MSI reported the intrusion to the police and cybersecurity agencies and downplayed any potential repercussions, stating that it had returned to normal operations and didn’t anticipate any “significant impact” to its financials. However, it’s not clear whether customer data was compromised in the network breach.

The sources for this piece include an article in TheRegister.