Security News > 2022 > January > New iLOBleed Rootkit Targeting HP Enterprise Servers with Data Wiping Attacks

New iLOBleed Rootkit Targeting HP Enterprise Servers with Data Wiping Attacks
2022-01-06 20:42

A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise's Integrated Lights-Out server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems.

The discovery, which is the first instance of real-world malware in iLO firmware, was documented by Iranian cybersecurity firm Amnpardaz this week.

Besides managing the servers, the fact that iLO modules have broad access to all the firmware, hardware, software, and operating system installed on the servers make them an ideal candidate to breach organizations using HP servers, while also enabling the malware to maintain persistence after reboots and survive OS reinstallations.

Dubbed iLOBleed, the rootkit has been put to use in attacks since 2020 with the goal of manipulating a number of original firmware modules in order to stealthily obstruct updates to the firmware.

Specifically, the modifications made to the firmware routine simulates the firmware upgrade process - by purportedly displaying the right firmware version and adding relevant logs - when in reality no updates are performed.

The development once again brings firmware security into sharp focus, necessitating that firmware updates shipped by the manufacturer are promptly applied to mitigate potential risks, iLO networks are segmented from the operating networks, and that the firmware is periodically monitored for signs of infection.


News URL

https://thehackernews.com/2021/12/new-ilobleed-rootkit-targeting-hp.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
HP 6795 19 248 488 234 989