How to "roach" the server supply chain by phishing firmware suppliers

Wanna install back doors in servers? Phish into the design labs of BMC, Lenovo, Acer, Penguin, and Gigabyte. Wait, it's been done (see the story here). Malware can be hidden below the operating system, hypervisor, and antivirus. Since BMC, Gigabyte, and Vertive (all in the Lenovo-Acer-Ciara-Penguin-sysGen-Bigtera-Amax supply chain) don't have DMARC installed at all, persistent and resourceful nation-state entities can (and probably have) done some back-door installations.


Mad Max
Conspiracy Theorist

#firmware #backdoors #phishing #bmc #gigabyte #vertive


Popular Posts