MSI Cyberattack: Users Warned to Update Firmware from Official Sources Only

MSI, a leading manufacturer of motherboards, GPUs, notebooks, PCs, and other equipment, has recently suffered a cyberattack that may have compromised its firmware and BIOS updates. The company issued a statement on Friday, urging users to exercise caution when updating their devices and to obtain updates only from the official MSI website.

In their statement, MSI did not discuss the scope of the security breach or the nature of the stolen data. Instead, they mentioned detecting “network anomalies” and activating “relevant defense mechanisms and recovery measures” through their IT department. The company reported the intrusion to law enforcement and cybersecurity agencies, while downplaying potential consequences. They stated that normal operations had resumed and they didn’t expect any “significant impact” on their financials. However, it remains unclear whether customer data was compromised during the breach.

The warning comes after a group of hackers known as Money Message claimed to have stolen sensitive information from MSI, including screenshots of the company’s CTMS and ERP databases, source code, private keys, and BIOS firmware. These materials could be used to create malicious firmware clones that appear legitimate and could be installed on victims’ devices if they are tricked into downloading them.

Per BleepingComputer report, Money Message first came to light last weekend when they were identified as the potential perpetrator behind the high-profile computer hardware vendor breach. In chats seen by BleepingComputer, the threat actors demanded a $4 million ransom, claiming to have stolen roughly 1.5TB worth of documents from MSI’s network. The group has threatened to release the allegedly stolen files next week if their ransom demands are not met. The hackers have listed MSI on their data leak site, sharing screenshots of what they claim to be the PC maker’s Enterprise Resource Planning (ERP) databases and files containing software source code, private keys, and BIOS firmware.

While it is not uncommon for custom BIOS firmware to be available on enthusiast forums, the recent cyberattack on MSI highlights the importance of obtaining firmware and BIOS updates only from trusted sources. Users are strongly advised to avoid using files from other sources and to stick to the official updates provided by MSI.

We have contacted MSI for a statement, and we will provide updates as soon as we receive any information.