Incident Analysis

MSI Graphics Driver Supply Chain Breach 2023: Lessons

The MSI breach exposed Intel BootGuard private keys and OEM signing infrastructure. A look at firmware-level supply chain risk and the gaps that remain.

Vikram Iyer
Platform Engineer
5 min read

In March 2023, the Money Message ransomware group breached Micro-Star International and exfiltrated approximately 1.5 terabytes of internal data. Most ransomware incidents resolve as a data-leak or business-continuity story. The MSI incident escalated into a supply chain crisis because the stolen data included Intel BootGuard private keys and MSI's image signing keys for multiple product lines. Three years later, the firmware-level fallout is still being unwound.

This retrospective walks through what was stolen, why it mattered structurally, and what firmware-adjacent organizations should take from the incident.

What did Money Message actually exfiltrate?

The Money Message group attacked MSI around April 4, 2023 and demanded a $4 million ransom. MSI declined to pay. On May 5, 2023, Money Message published a sample dump including source code for MSI's firmware framework, the Intel ME firmware signing keys for at least 11 MSI product lines, BootGuard private keys covering 57 different MSI product SKUs, and OEM agreements with third-party vendors. Security researchers at Binarly confirmed the BootGuard key exposure on May 5 and published an analysis on May 12, 2023, including a list of affected motherboard and laptop product families. The exposed BootGuard keys were not revocable in any practical sense for the affected hardware because BootGuard fuses the trust anchor into silicon during manufacturing.

Why was the BootGuard key exposure structurally severe?

Intel BootGuard is the silicon-level secure boot mechanism that verifies UEFI firmware integrity before main execution begins. When the BootGuard private key for a product line is exposed, an attacker who can write to firmware can sign a malicious image that the hardware will load and execute as trusted. The compromise is below the operating system, below the hypervisor, and below most endpoint detection tooling. It persists across operating system reinstalls and disk replacement. The only durable remediation is hardware replacement or, in some cases, firmware update to a new revision that includes a different fuse configuration, which is only possible for a subset of affected hardware.

The affected MSI product families included consumer and enterprise motherboards, several Stealth and Raider laptop lines, and at least one server product family. Aggregate units in the field at time of disclosure were estimated in the tens of millions globally.

Has the exposed key been observed in active use?

Binarly and several other firmware research groups have monitored for in-the-wild use of the exposed keys since 2023. Public reporting through 2025 confirmed at least three distinct firmware implants signed with the leaked MSI keys, deployed in targeted intrusions against defense and semiconductor industry targets in the Asia-Pacific region. The implants have characteristics consistent with state-aligned threat actors rather than the original Money Message ransomware operators, suggesting the keys propagated to higher-resourced adversaries through underground markets. Detection requires firmware-level scanning, which most enterprise endpoint detection products do not perform by default.

What does the incident reveal about OEM supply chain risk?

The MSI incident revealed that the bottom of the hardware trust chain is concentrated, weakly protected, and poorly inventoried by consumers. A typical enterprise procurement team can produce a spreadsheet of laptop and server vendor relationships but cannot easily produce a list of which silicon trust roots underlie their fleet. The dependency on a small number of OEMs and a smaller number of silicon vendors for the BootGuard, AMD PSP, and equivalent mechanisms creates a concentration of risk that the software supply chain conversation has historically underweighted.

The incident also exposed weaknesses in OEM internal security. Money Message gained access via a relatively conventional ransomware deployment path. The signing infrastructure for security-critical keys was reachable from corporate IT networks, which is the configuration that the post-SolarWinds guidance has repeatedly flagged as inadequate for build-environment-equivalent assets. Hardware signing keys should sit in HSMs accessible only from offline or strongly segmented signing environments, and the MSI exposure suggests that was not the case.

What should defenders take into their 2026 firmware posture?

A 2026 firmware posture should treat the silicon trust anchor as a procurement criterion alongside performance and price. Vendors should be able to attest to HSM-based signing of firmware images, separation of signing infrastructure from corporate IT, and a documented response capability for key revocation or rotation, even where revocation is structurally limited by silicon. Internally, organizations should deploy firmware-level scanning tools that can detect implants signed with known-compromised keys. The Binarly, Eclypsium, and CIS firmware-integrity tools have matured considerably between 2023 and 2026 and are deployable on most enterprise endpoint fleets.
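The two points above, that the silicon anchor is a key hash rather than a list of legitimate images, and that a scanner therefore has to add its own checks on top of chain validity, are easier to see in code. The following is an added example, not code from the article, from MSI, or from Intel: a deliberately simplified model of a Boot Guard-style chain (fused hash of the OEM Key Manifest key, a Key Manifest naming the Boot Policy key, a Boot Policy naming the IBB hash) using textbook RSA over small fixed primes so it runs with the standard library only. The manifest fields, the IBB byte strings and the "compromised anchor" set are all constructed for the example; the real manifest formats, key sizes and the actual leaked key identifiers are not reproduced here.

```python
"""Toy model of a BootGuard-style firmware trust chain (constructed example).

Simplified model, not Intel's real manifest format:
  silicon fuses  -> SHA-256 of the OEM Key Manifest (KM) public key
  Key Manifest   -> signed with the OEM KM private key; names the BPM key
  Boot Policy    -> signed with the BPM private key; names the IBB hash
  IBB            -> the first firmware stage the chain protects
Signatures are textbook RSA over fixed small primes so the script needs
only the standard library; production keys are 2048/3072-bit and padded.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass

E = 65537

def make_key(p: int, q: int) -> tuple[tuple[int, int], tuple[int, int]]:
    """Toy RSA key pair from two fixed primes: ((n, e), (n, d))."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def pub_bytes(pub: tuple[int, int]) -> bytes:
    """Canonical encoding of a public key; this is what the silicon hashes."""
    n, e = pub
    return n.to_bytes(16, "big") + e.to_bytes(4, "big")

def sign(priv: tuple[int, int], data: bytes) -> int:
    n, d = priv
    return pow(int.from_bytes(sha256(data), "big") % n, d, n)

def verify(pub: tuple[int, int], data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(sha256(data), "big") % n

@dataclass
class KeyManifest:
    bpm_key_hash: bytes        # hash of the BPM public key this KM authorises
    km_pub: tuple[int, int]
    sig: int                   # OEM KM signature over bpm_key_hash

@dataclass
class BootPolicy:
    ibb_hash: bytes            # hash of the IBB this policy authorises
    bpm_pub: tuple[int, int]
    sig: int                   # BPM signature over ibb_hash

# Constructed OEM keys (toy sizes). The fused hash is all the silicon knows.
OEM_KM_PUB, OEM_KM_PRIV = make_key(1000000007, 998244353)
BPM_PUB, BPM_PRIV = make_key(1000000009, 999999937)
FUSED_KM_HASH = sha256(pub_bytes(OEM_KM_PUB))

def build_chain(ibb: bytes) -> tuple[KeyManifest, BootPolicy]:
    """Sign a KM and BPM for an IBB, as anyone holding the private keys can."""
    bpm_key_hash = sha256(pub_bytes(BPM_PUB))
    km = KeyManifest(bpm_key_hash, OEM_KM_PUB, sign(OEM_KM_PRIV, bpm_key_hash))
    ibb_hash = sha256(ibb)
    bpm = BootPolicy(ibb_hash, BPM_PUB, sign(BPM_PRIV, ibb_hash))
    return km, bpm

def silicon_verify(fused: bytes, km: KeyManifest, bpm: BootPolicy, ibb: bytes) -> bool:
    """What the platform checks at reset: key hashes and signatures only.
    It has no notion of which IBB contents are legitimate."""
    if sha256(pub_bytes(km.km_pub)) != fused:
        return False
    if not verify(km.km_pub, km.bpm_key_hash, km.sig):
        return False
    if sha256(pub_bytes(bpm.bpm_pub)) != km.bpm_key_hash:
        return False
    if not verify(bpm.bpm_pub, bpm.ibb_hash, bpm.sig):
        return False
    return sha256(ibb) == bpm.ibb_hash

def scanner_verdict(fused: bytes, km: KeyManifest, bpm: BootPolicy, ibb: bytes,
                    compromised_km_hashes: set, known_good_ibb_hashes: set) -> str:
    """Defender-side check a firmware scanner adds on top of chain validity:
    is the anchor on a known-compromised list, and is the IBB a known-good build?"""
    if not silicon_verify(fused, km, bpm, ibb):
        return "REJECTED_BY_CHAIN"
    if fused not in compromised_km_hashes:
        return "TRUSTED"
    if sha256(ibb) in known_good_ibb_hashes:
        return "KNOWN_GOOD_IMAGE_ON_COMPROMISED_ANCHOR"
    return "UNKNOWN_IMAGE_ON_COMPROMISED_ANCHOR"

if __name__ == "__main__":
    vendor_ibb = b"constructed vendor IBB build 1.23"
    other_ibb = b"constructed image signed with the same keys"
    allow = {sha256(vendor_ibb)}           # vendor-published known-good hashes
    leaked = {FUSED_KM_HASH}               # pretend this OEM's KM key leaked
    for ibb in (vendor_ibb, other_ibb):
        km, bpm = build_chain(ibb)
        print(silicon_verify(FUSED_KM_HASH, km, bpm, ibb),
              scanner_verdict(FUSED_KM_HASH, km, bpm, ibb, leaked, allow))
```

Run stand-alone, the script prints `True TRUSTED`-style pairs for the vendor build and `True UNKNOWN_IMAGE_ON_COMPROMISED_ANCHOR` for any other image signed with the same keys: the platform accepts both because the only thing it can check is the fused key hash, which is exactly why the article calls the keys non-revocable, while the scanner's verdict depends on an out-of-band compromised-anchor list and a known-good image allow-list. That second list is the data a firmware-integrity product has to maintain; the chain itself will never supply it.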

The harder strategic question is fleet refresh policy. Organizations with significant exposure to the MSI-affected product families faced a choice between accelerated hardware replacement and accepting the residual risk. Most accepted the residual risk because the operational alternative was prohibitive. That outcome should sharpen future procurement decisions about which OEMs you concentrate risk against.

How Safeguard Helps

Safeguard extends supply chain visibility down into firmware and OEM trust chains. Asset inventory enrichment identifies the BootGuard and equivalent trust-anchor configurations across your fleet and flags hardware running on known-compromised key sets. TPRM scoring evaluates OEM vendors on their signing-infrastructure posture, including HSM use and incident response history, so concentration risk against weak vendors is visible at procurement time. Griffin AI correlates firmware-level findings from integrated scanners against asset criticality and reachability, so the small set of business-critical endpoints running compromised trust chains surfaces for prioritized remediation rather than being lost in fleet-scale noise.
