The confidential code signing keys for Taiwanese PC manufacturer MSI were exposed on a darkweb leak site used by the ransomware group that attacked the firm.
It claimed to have taken private keys and a framework for creating bios from the company along with the source code.
The expert cautions about the potential effects of such a leak and suggests carrying out a careful examination to ascertain the extent of the leak.
Source: https://securityaffairs.com/145940/data-breach/msi-data-breach-key-leaked.html
TPRM report: https://scoringcyber.rankiteo.com/company/tsmc
"id": "tsm223728523",
"linkid": "tsmc",
"type": "Data Leak",
"date": "05/2023",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Technology',
'location': 'Taiwan',
'name': 'MSI',
'type': 'PC Manufacturer'}],
'attack_vector': 'Darkweb Leak',
'data_breach': {'type_of_data_compromised': ['Code Signing Keys',
'BIOS Framework',
'Source Code']},
'description': 'The confidential code signing keys for Taiwanese PC '
'manufacturer MSI were exposed on a darkweb leak site used by '
'the ransomware group that attacked the firm. It claimed to '
'have taken private keys and a framework for creating bios '
'from the company along with the source code. The expert '
'cautions about the potential effects of such a leak and '
'suggests carrying out a careful examination to ascertain the '
'extent of the leak.',
'impact': {'data_compromised': ['Code Signing Keys',
'BIOS Framework',
'Source Code']},
'recommendations': ['Carry out a careful examination to ascertain the extent '
'of the leak.'],
'threat_actor': 'Ransomware Group',
'title': 'MSI Code Signing Keys Exposed on Darkweb',
'type': 'Data Breach'}