A newly discovered rootkit has been found to target Hewlett-Packard Enterprise’s Integrated Lights-Out (iLO) server management technology.
These attacks tamper with the firmware modules and can completely wipe data off infected systems. This discovery was documented by Iranian cybersecurity firm Amnpardaz this week.
The rootkit is called iLOBleed and has been used in attacks since 2020. It manipulates a number of original firmware modules in order to stealthily obstruct updates to the firmware. It does this by simulating an upgrade process when in fact no update takes place.
Actions to take.
It is important to keep your systems up to date with the latest firmware shipped by your manufacturer. This will help you mitigate potential risk. Make sure iLO networks are segmented from operating networks and that the firmware is regularly checked for signs of infection. Also note that there is no way to disable or turn off iLO, so a system could still get infected even when iLO is disconnected from the network.
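The segmentation and firmware checks above can be run as a recurring audit over a server inventory. The following is an added example, not code from Amnpardaz or HPE; the inventory, subnets and baseline version are constructed assumptions to replace with your own.

```python
import ipaddress

# Constructed inventory (not real hosts): each server's iLO address, its
# production OS address, and the iLO firmware version it reports.
INVENTORY = [
    {"host": "db01",  "ilo_ip": "10.50.0.11",  "os_ip": "10.10.4.21", "ilo_fw": "2.55"},
    {"host": "web01", "ilo_ip": "10.10.4.200", "os_ip": "10.10.4.22", "ilo_fw": "2.55"},
    {"host": "app01", "ilo_ip": "10.50.0.13",  "os_ip": "10.10.5.9",  "ilo_fw": "2.30"},
]

# Assumptions: dedicated management subnets, operating (production) subnets,
# and the firmware baseline your organisation has approved (placeholder value).
MGMT_NETS = [ipaddress.ip_network("10.50.0.0/24")]
PROD_NETS = [ipaddress.ip_network("10.10.0.0/16")]
BASELINE_FW = "2.55"


def _ver(version):
    """Turn '2.55' into (2, 55) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def audit(inventory, mgmt_nets=MGMT_NETS, prod_nets=PROD_NETS, baseline=BASELINE_FW):
    """Return (host, finding) pairs for segmentation and firmware gaps."""
    findings = []
    for server in inventory:
        ilo = ipaddress.ip_address(server["ilo_ip"])
        if not any(ilo in net for net in mgmt_nets):
            findings.append((server["host"], "ilo-outside-mgmt-net"))
        if any(ilo in net for net in prod_nets):
            findings.append((server["host"], "ilo-on-production-net"))
        # A matching version is not proof of integrity: the rootkit simulates
        # upgrades, so this only catches hosts that are visibly behind.
        if _ver(server["ilo_fw"]) < _ver(baseline):
            findings.append((server["host"], "ilo-firmware-below-baseline"))
    return findings


if __name__ == "__main__":
    for host, finding in audit(INVENTORY):
        print(f"{host}: {finding}")
```

Hosts that pass the version check still need the firmware itself checked for signs of infection, since the reported version alone does not show that an update was really applied.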
If you need any help or support, you can always reach out to us at Britec.