MSI cautions users following cyber attack

MSI cautions users following cyber attack

MSI’s warns users against downloading updates from unofficial sources

MSI, the producer of motherboards, graphics cards, laptops, and other gaming/PC products, has confirmed that they have been the victim of a cyberattack on “part of its information systems”. 

With their statement on the attack, which can be read below, MSI has warned its customers against downloading BIOS/firmware updates for its products from unofficial sources, stating that only its official website is a legitimate source for these updates. 

This statement implies that stolen data from MSI can be used to create illegitimate BIOS or firmware updates, which can be used to compromise MSI systems. Bleeping computer has claimed that a ransomware group called Money Message have stolen source code that can develop BIOS files and 1.5TB of data in total.

    MSI recently suffered a cyberattack on part of its information systems. Upon detecting network anomalies, the information department promptly activated relevant defense mechanisms and carried out recovery measures, and reported the incident to government law enforcement agencies and cybersecurity units. Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business.

MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official website.

MSI is committed to protecting the data security and privacy of consumers, employees, and partners, and will continue to strengthen its cybersecurity architecture and management to maintain business continuity and network security in the future.

MSI cautions users following cyber attack

Based on MSI’s warning, users of the company’s products should avoid all BIOS or firmware updates from unofficial sources. Downloading these files from other sources could result in your system becoming compromised. Currently, it is unknown if any customer or employee data was stolen from MSI, though MSI has stated that they are “committed to protecting” this data. 

You can join the discussion on MSI’s cyberattack on the OC3D Forums.