Posted on October 10, 2022 at 7:59 PM
Intel has now acknowledged the incident in a statement to Tom's Hardware. According to the company, a third party appears to have made its proprietary UEFI code public. Intel believes this does not expose any new security vulnerabilities, because it does not rely on obfuscation of information as a security measure.
This code is covered by Intel's bug bounty program under the Project Circuit Breaker campaign, and the company encourages any researchers who identify potential vulnerabilities to report them through that program. Intel says it is in the process of notifying customers and the security research community about the situation.
An unknown individual allegedly published the source code for Alder Lake's BIOS on 4chan, and a mirror copy has now appeared on GitHub.
The files are contained in a 2.8GB zip archive, which expands to 5.86GB when decompressed.
No official or trustworthy source has confirmed the authenticity of the leaked files. Twitter posts from @glowingfreak allegedly first reported the claimed leak.
The archive appears to contain a substantial amount of information and tooling for building a BIOS for the Alder Lake platform and graphics cards. While it is unknown how the files were obtained, one of them contains Lenovo's Feature Tag Test data. The git history reveals a few additional clues.
Although the archive has been found to contain relevant data, it is unclear whether it could be used to create exploitable vulnerabilities, particularly if it came from a source other than Intel. It is easy to imagine that most chipset manufacturers and original equipment manufacturers would already have direct access to comparable tools and documentation for building BIOS images for Intel systems. Intel would almost certainly scrub any highly confidential material before distributing it to multiple partners.
However, sensitive data in the hands of unauthorized attackers is rarely a good thing. Sometimes even a small amount of data can lead to significant security flaws, especially where security features are concerned.
Regardless of how these files were obtained, recent attacks have targeted third-party vendors to quietly steal data from chip makers, enabling ransom attempts.
After stealing 56GB of data in a recent round of cyberattacks, RansomHouse attempted to extort AMD. AMD partner Gigabyte apparently had 112GB of confidential data stolen in the notorious "Gigabyte Hack," but AMD refused to pay the ransom for that attack. As a result, information about AMD's upcoming Zen 4 processors was released ahead of time, and it turned out to be accurate.
A subsequent NVIDIA breach also led to the theft of around 1TB of company data, but the GPU giant responded by destroying the stolen data using its own methods.
The attackers who targeted NVIDIA demanded that the company open-source its GPU drivers, disable LHR, and pay up in return. The cybercriminals claimed that disabling LHR would benefit the mining and gaming communities.
Ars Technica's reporting discusses the specifics of these demands. Lapsus$, a cybercrime group, allegedly claimed in broken English that they required NVIDIA to push a firmware update to all 30-series cards removing all LHR limitations, or else they would release the HW documents.
LHR is a feature that NVIDIA introduced last February and shipped with GeForce graphics cards. It was designed to make the cards less attractive to cryptocurrency miners and to discourage them from buying up gaming-oriented parts. LHR works by lowering the mining hash rate by roughly 50%.
It appears the feature was a little too effective, as it provoked the attackers' anger. If the GPU drivers were not open-sourced, the cybercriminals threatened to release the complete silicon chip files, exposing not only the driver secrets but also NVIDIA's most closely guarded trade secrets for graphics and laptop chipsets. Which they eventually did.
It is worth noting that NVIDIA has never confirmed whether Lapsus$ was the entity that compromised its systems during this period. Nor did the company detail what data was taken or how it compared to the material the attackers threatened to release.
Because of the secretive behavior of both NVIDIA and the hackers, it was difficult to tell which side was winning the standoff. It also remained unclear whether NVIDIA was able to recover its stolen files as a result of the counterattack.