
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 1,381 of 2,445   
   Mike Powell to All   
   CPU microcode hack could   
   13 May 25 11:18:00   
   
   TZUTC: -0500   
   MSGID: 1114.consprcy@1:2320/105 2c88ab77   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
    [Forget ransomware.  Think of what this could do to machines running AI.]   
      
   CPU microcode hack could infect processors with ransomware directly   
      
   Date:   
   Mon, 12 May 2025 16:00:00 +0000   
      
   Description:   
   A researcher created a working PoC for a ransomware strain that bypasses all   
   antivirus programs.   
      
   FULL STORY   
      
   A security researcher wrote ransomware code that infects the computer's CPU,
   making it invisible to virtually every antivirus program out there, and
   making it persistent even when the victim takes out and replaces the
   computer's hard drive.
      
   This is according to The Register, who recently spoke with Christiaan Beek, a   
   cybersecurity researcher from Rapid7, who claims to have created a   
   Proof-of-Concept (PoC) for such ransomware.    
      
   Malware at the CPU level is not exactly arcane science. We've seen it in the
   past, with the likes of LoJax, CosmicStrand, and other UEFI firmware
   rootkits. However, this is the first time someone's successfully played with
   ransomware this way.
      
   CPU PoC   
      
   Beek said that he got the inspiration from a bug in AMD Zen processors that   
   allowed threat actors to load malicious microcode and break the encryption at   
   the hardware level. This would have allowed them to modify the behavior of    
   the CPU as they saw fit.    
      
   Beek says that the leaked Conti chat logs from 2022 suggested that actual   
   cybercriminals were discussing the same idea before, but they haven't yet
   gotten to a working solution. At least, not that the cybersecurity community   
   knows of.    
      
   "If they worked on it a few years ago, you can bet some of them will get    
   smart enough at some point and start creating this stuff," the researcher    
   told the publication.    
      
   He also said that he won't be releasing the code on the internet: "Of course,
   we won't release that, but it's fascinating, right?"    
      
   Ransomware remains one of the biggest threats out there, with companies of    
   all sizes losing billions of dollars every year. In fact, a recent Veeam   
   study, which gathered insights from 1,300 CISOs, IT leaders, and security   
   professionals across the Americas, Europe, and Australia, found that nearly   
   three-quarters of businesses were impacted by ransomware over the past year.
      
    Via The Register   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/cpu-microcode-hack-could-infect-processors-with-ransomware-directly
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca