Not long ago, researchers at Eclypsium got a lucky break.  An unknown and unidentified individual began leaking communications from inside the Conti ransomware organization.

These leaked communications seemed to confirm what has long been suspected:  That there are strong ties between the Conti gang and Russia's FSB (military intelligence).

This sounds like something right out of a spy movie, but it's not.  The leaked messages indicate that several members of the Conti gang have been actively working on developing a new attack vector that specifically targets Intel firmware, allowing Conti to launch its ransomware attack.  Some of the black hat developers even got as far as to develop a working proof of concept for others to review.

Firmware attacks are fairly rare, but they do happen.  To pull it off, the attacker would first need to access the system via a conventional in-road.  For example, a phishing email where the victim would unwittingly give the hackers access, or perhaps by exploiting some other known vulnerability.

In one particularly exotic scenario, they could even make this attack work without prior access. They can do this by leveraging Intel's Management Engine to force the target machine to reboot, then supply virtual media to draw from on the reboot.

It's unlikely and would take a tremendous amount of skill, but Conti has shown in recent months that they have the expertise to pull something like that off.

Fortunately, word of the new attack vector has gotten out, the details have made their way to Intel, and Intel has updated their firmware.

If you're using an Intel machine, you should grab the latest update as soon as possible.  Conti is a well-known, notorious gang with ties to Russia.  You don't want your company in their crosshairs, so do everything you can do minimize that risk.

About the Author

Marty Parker

Marty Parker
Owner & General Manager

Marty is the Owner and General Manager of Heritage Digital. Marty has managed and built high-performing IT teams for over 30 years. He served 13 years in the manufacturing industry and 13 years in corporate-owned healthcare organizations. Before acquiring Heritage Digital, Marty was the Chief Information Officer of Carolinas Hospital System (now MUSC Health Florence Medical Center) in Florence, SC. Marty is passionate about educating and protecting people against cybercriminals.

Used with permission from Article Aggregator