Cyber attack on MSI (April 2023)

Taiwan-based manufacturer MSI (Micro-Star International) has admitted to a cyberattack on part of its IT network as of April 7, 2023. Earlier this week, the ransomware gang called Money Message infiltrated some of MSI's systems, according to its own statement. The group threatened to release captured files on the Internet next week if no ransom was paid by MSI.


Blog reader Heiko A. informed me by email (thanks for that) that he came across the following press release on MSI's global website:

MSI Statement – April 07, 2023

MSI recently suffered a cyberattack on part of its information systems. Upon detecting network anomalies, the information department promptly activated relevant defense mechanisms and carried out recovery measures, and reported the incident to government law enforcement agencies and cybersecurity units. Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business.

MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official website.

MSI is committed to protecting the data security and privacy of consumers, employees, and partners, and will continue to strengthen its cybersecurity architecture and management to maintain business continuity and network security in the future.

However, the content of the press release is poor. It only admits that a "part of the information systems was attacked" and that the attack was noticed through "network anomalies". The advice that users should download firmware/BIOS updates only from the official website is suspicious: it suggests that source code from this area might have been captured.

The colleagues from Bleeping Computer then point out in this article that the Money Message ransomware gang allegedly infiltrated some of MSI's systems earlier this week. The group threatens to release captured files on the Internet next week if no ransom is paid by MSI. However, MSI refused to pay the $4 million ransom demanded in this extortion attempt.

PC Mag also reports that MSI is concerned that hackers could circulate malicious versions of the company's BIOS software. The ransomware gang Money Message claims to have stolen the PC manufacturer's source code. The PC Mag post includes screenshots that the hackers allegedly published.

According to chats between the ransomware gang and an MSI representative that BleepingComputer was able to view, the threat actors demanded a ransom payment of $4,000,000 and claimed to have stolen about 1.5 TB worth of documents from MSI's network. The threat actors listed MSI on their data leak site and have so far only released screenshots of the PC manufacturer's enterprise resource planning (ERP) databases, as well as files containing software source code, private keys and BIOS firmware. The ransomware group threatens to release the files unless a ransom is paid.

