The cybercriminals who broke into MSI in early April stole the computer manufacturer’s sensitive private keys. They also made off with Intel BootGuard keys.

The hackers who broke into the systems of the computer manufacturer MSI last month have made very sensitive information public. The criminals apparently made off with the private keys that MSI uses to sign its firmware. These keys are used in 57 devices of the MSI series. Attackers can use the data to create targeted malware that appears on those devices as legitimate software. Devices across the entire product range are affected, including laptops from the Creator, Creator Pro, Prestige and Summit series.

Malware signed by the keys would easily pass through most antivirus solutions. This gives hackers the ability to install rogue firmware without ringing alarm bells.

Intel BootGuard

Not only MSI products are vulnerable after the hack. Finally, the criminals also made off with private keys for Intel BootGuard. These keys ensure that the code is verified at system startup. 116 MSI products use the keys, but other manufacturers have implemented them as well.

It’s not as if affected PCs are immediately a bird to a cat. The keys do not give attackers initial access to the systems. They are interesting for secondary attacks. Once a hacker gains access to a system, it is much easier for them to use the keys to cause further damage.