


Leaked internal chats from the Conti ransomware gang suggest the group has been researching and developing code to compromise the Intel Management Engine (Intel ME), the out-of-band management functionality built into Intel chipsets. The goal of this technique is to install malicious code deep inside computer firmware where it cannot be blocked by operating systems and third-party endpoint security products. Firmware implants are powerful and are usually used in high-value operations by state-sponsored hacker groups. However, over the past couple of years cybercriminal gangs have also shown an interest, with developers of the notorious TrickBot botnet adding a UEFI attack module in 2020.

According to new research by security firm Eclypsium, the Conti ransomware group developed proof-of-concept code to exploit Intel ME firmware and gain code execution in System Management Mode, a highly privileged execution environment of the CPU. The Intel Management Engine is a subsystem that's present in many Intel chipsets and consists of a dedicated coprocessor and real-time operating system that's used for out-of-band management tasks. Intel ME is essentially a computer inside a computer and is completely separate from the user-installed OS that uses the main CPU. Depending on chipset and CPU generation, variations of the Intel ME technology are known as the Intel Converged Security and Management Engine (CSME) or Intel Trusted Execution Environment.
