Leaked communications from within the Conti threat group reveal the Moscow-backed cybercrime group has honed its firmware attack skills and is actively targeting Intel Management Engine (ME), a microcontroller inside many iterations of the modern Intel chipset, according to a new report.
The analysis, from Eclypsium, notes that Conti is targeting Intel chipsets not because they have vulnerable code, but because the group assumes firmware patching is spotty at best. In addition, firmware attacks can evade most security tools, the analysts added.
"This can leave some of the most powerful and privileged code on a device susceptible to attack," the report detailing the Conti firmware attacks said. "The recent Conti leaks mark a critical phase in the rapidly evolving role of firmware in modern attacks."