Thanks for sharing @Marina Bregkou ! Seems that the key management procedures followed where poor (key exportable/not-residing in an HSM).
Reminds me of https://techcrunch.com/2023/01/14/circleci-hackers-stole-customer-source-code/
And maybe the stolen MSI key is an indicator of compromise of a larger attack targeting MSI...
------------------------------
Thanos Vrachnos OffensiveOps | PKI & eID Subject-matter Expert
SPEARIT
Greece, Thessaloniki
------------------------------
Original Message:
Sent: May 22, 2023 09:25:19 AM
From: Marina Bregkou
Subject: FYI- Article about 'Micro-Star International Signing Key Stolen'
Dear members,
I'm sharing here with you an article by Bruce Schneier sent to me by my colleague Erik.
Article's title: 'Micro-Star International Signing Key Stolen'.
Any thoughts?
Kind regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------