MSI hit in cyberattack, warns against installing knock-off firmware

2023-04-07 23:26

Owners of MSI-brand motherboards, GPUs, notebooks, PCs, and other equipment should exercise caution when updating their device's firmware or BIOS after the manufacturer revealed it has recently suffered a cyberattack.

In a statement shared on Friday, MSI urged users "To obtain firmware/BIOS updates only from its official website," and to avoid using files from other sources.

As reported earlier this week, a group of ne'er-do-wells known as Money Message bragged on their dark-web site what they claimed to be screenshots of MSI's CTMS and ERP databases, as well as source code, private keys, and BIOS firmware.

Assuming the miscreants haven't poisoned MSI's downloads, you'll really want to avoid installing what turns out to be malware at the firmware level and instead stick to the official updates.

In its statement, MSI did not address the extent of the security breach, nor what was stolen, stating only that it "Detected network anomalies," and its IT department "Activated relevant defense mechanisms and carried out recovery measures."

The Register reached out to MSI for comment; we'll let you know if we hear anything back.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/04/07/msi_cyberattack_bios/

#cyberattack #firmware #MSI

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
MSI		7	0	5	6	0	11