Thursday, May 1, 2025
HomeComputer SecurityResearchers Found a New Attack that Remotly corrupts the Servers Firmware to...

Researchers Found a New Attack that Remotly corrupts the Servers Firmware to Make server unusable

Published on

SIEM as a Service

Follow Us on Google News

Researchers found new remote attack against Server firmware (BMC) that renders server unbootable by exploiting the vulnerabilities and gain the systems remote access.

This Attack Starts by pushing an update to the firmware and pass the malicious firmware image into Baseboard Management Controller (BMC) which causes servers completely unbootable and failed to recover.

A baseboard management controller (BMC) is a specialized service processor that monitors the physical state of a computer, network server or other hardware device using sensors.

- Advertisement - Google News

 BMC also used to remotely configure the system without relying on the host operating system or applications.

Data centers or cloud has own physical servers, firmware, hardware component that has its own vulnerabilities and the tools used to manage servers can be taking advantage by attackers.

Attack Process to Corrupt the Server Firmware

In this case, Attacker can remotely compromise the system by taking advantage of firmware or hardware vulnerabilities such as exploiting Apache Struts. or using compromised credentials.

In order to bricks a server, Researchers demonstrated a  remote attack that describes to bypass a malicious firmware image to the BMC over this interface.

In order to communicate with BMC researchers from eclypsium using the
network capabilities of the Intelligent Platform Management Interface (IPMI) protocol and also using host-based interface known as the Keyboard Controller Style (KCS) to pass the malicious firmware image.

According to eclypsium, “malicious BMC firmware update contains additional code that, once triggered, will erase the UEFI system firmware and critical components of the BMC firmware itself. “

This change will make the host and BMC unbootable and rendering it unusable and it completely recover the system to fail.

This Attempt can be performed by a attacker remotely or physical by inserting malware and compromising the hardware of a data center.

Existing procedures and tools need to evolve to provide practical defenses from attacks like these. Research in these threats shows how to scan for vulnerabilities in subsystems like BMC, eclypsium said.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Trellix Launches Phishing Simulator to Help Organizations Detect and Prevent Attacks

Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing...

AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens

Darktrace's Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been...

Nitrogen Ransomware Uses Cobalt Strike and Log Wiping in Targeted Attacks on Organizations

Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising...

Researchers Reveal Threat Actor TTP Patterns and DNS Abuse in Investment Scams

Cybersecurity researchers have uncovered the intricate tactics, techniques, and procedures (TTPs) employed by threat...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Trellix Launches Phishing Simulator to Help Organizations Detect and Prevent Attacks

Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing...

AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens

Darktrace's Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been...

Nitrogen Ransomware Uses Cobalt Strike and Log Wiping in Targeted Attacks on Organizations

Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising...