"Many Gigabyte PC Models Affected by Major Supply Chain Issue"

According to researchers at the supply chain security vendor Eclypsium, hundreds of models of Gigabyte PCs are impacted by a backdoor that poses supply chain risks. The researchers revealed that Eclypsium's platform recently detected backdoor-like behavior in Gigabyte Technology's computer systems. The backdoor appears to be a deliberate "insecure implementation" of the Gigabyte App Center, a tool for downloading applications for Gigabyte motherboards. A follow-up analysis revealed that the firmware in Gigabyte systems drops and executes a Windows native executable during the system startup process. This executable then downloads and executes additional payloads from Gigabyte servers. Eclypsium noted that the Gigabyte implementation is concerning because threat actors have previously exploited legitimate "OEM backdoors" to conduct threat campaigns, citing as an example the Russian Advanced Persistent Threat (APT) group Fancy Bear's abuse of Computrace LoJack through a similar type of flaw. There is concern about the flaw's potential use in supply chain attacks. However, the vendor has not yet observed threat actors exploiting the backdoor. This article continues to discuss the discovery and potential impact of the insecure implementation of Gigabyte's App Center.

TechTarget reports "Many Gigabyte PC Models Affected by Major Supply Chain Issue"
