TZUTC: -0500
MSGID: 1114.consprcy@1:2320/105 2c88ab77
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
 [Forget ransomware.  Think of what this could do to machines running AI.]

CPU microcode hack could infect processors with ransomware directly

Date:
Mon, 12 May 2025 16:00:00 +0000

Description:
A researcher created a working PoC for a ransomware strain that bypasses all
antivirus programs.

FULL STORY

A security researcher wrote ransomware code that infects the computers CPU,
making it invisible to virtually every antivirus program out there, and 
making it persistent even when the victim takes out and replaces the 
computers hard drive. 

This is according to The Register, who recently spoke with Christiaan Beek, a
cybersecurity researcher from Rapid7, who claims to have created a
Proof-of-Concept (PoC) for such ransomware. 

 Malware at the CPU level is not exactly arcane science. Weve seen it in the
past, with the likes of JoLax, CosmicStrand, and other UEFI firmware 
rootkits. However, this is the first time someones successfully played with
ransomware this way. 

CPU PoC

Beek said that he got the inspiration from a bug in AMD Zen processors that
allowed threat actors to load malicious microcode and break the encryption at
the hardware level. This would have allowed them to modify the behavior of 
the CPU as they saw fit. 

Beek says that the leaked Conti chat logs from 2022 suggested that actual
cybercriminals were discussing the same idea before, but they havent yet
gotten to a working solution. At least, not that the cybersecurity community
knows of. 

"If they worked on it a few years ago, you can bet some of them will get 
smart enough at some point and start creating this stuff," the researcher 
told the publication. 

He also said that he wont be releasing the code on the internet: "Of course,
we won't release that, but it's fascinating, right?" 

Ransomware remains one of the biggest threats out there, with companies of 
all sizes losing billions of dollars every year. In fact, a recent Veeam
study, which gathered insights from 1,300 CISOs, IT leaders, and security
professionals across the Americas, Europe, and Australia, found that nearly
three-quarters of businesses were impacted by ransomware over the past year . 

 Via The Register

======================================================================
Link to news story:
https://www.techradar.com/pro/security/cpu-microcode-hack-could-infect-process
ors-with-ransomware-directly

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30
SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426