{"id":10495,"date":"2025-07-15T12:37:44","date_gmt":"2025-07-15T05:37:44","guid":{"rendered":"https:\/\/infosec.new88088.net\/?p=10495"},"modified":"2026-02-05T12:37:50","modified_gmt":"2026-02-05T05:37:50","slug":"hang-loat-bo-mach-chu-gigabyte-dinh-lo-hong-hacker-co-the-cai-bootkit-vinh-vien","status":"publish","type":"post","link":"https:\/\/infosec.new88088.net\/2025\/07\/15\/hang-loat-bo-mach-chu-gigabyte-dinh-lo-hong-hacker-co-the-cai-bootkit-vinh-vien\/","title":{"rendered":"Numerous Gigabyte motherboards hit by vulnerabilities: hackers can install permanent bootkits"},"content":{"rendered":"<p><b>Security researchers have discovered multiple serious vulnerabilities in the UEFI firmware of numerous Gigabyte motherboards that could allow attackers to install bootkit malware that bypasses Secure Boot, runs below the operating system and persists permanently even after the system is reinstalled.<\/b><\/p>\n<div style=\"text-align: center\">\n<div class=\"bbImageWrapper  js-lbImage\" title=\"1752574525036.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/1752574525036-png.17318\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img fetchpriority=\"high\" decoding=\"async\" class=\"bbImage\" title=\"1752574525036.png\" src=\"https:\/\/whitehat.vn\/attachments\/1752574525036-png.17318\/\" alt=\"1752574525036.png\" width=\"819\" height=\"445\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<\/div>\n<h3>Control can be seized at the highest privilege level<\/h3>\n<p>These vulnerabilities affect 
System Management Mode (SMM), a system management mode deep within the UEFI architecture that has higher privileges than the operating system itself. If exploitation succeeds, an attacker can execute malicious code directly in SMM, and from there write arbitrary data to SMRAM, disable Secure Boot and even install a firmware implant (malware at the system software level) in the form of a bootkit, similar to the well-known BlackLotus and CosmicStrand malware.<\/p>\n<p>The vulnerabilities have been assigned CVE-2025-7026 through CVE-2025-7029, and all are rated as severe (CVSS 8.2). 
Specifically:<\/p>\n<ul>\n<li data-xf-list-type=\"ul\"><b>CVE-2025-7026<\/b>: Allows arbitrary writes to SMRAM, leading to privilege escalation and takeover of the firmware.<\/li>\n<li data-xf-list-type=\"ul\"><b>CVE-2025-7027<\/b>: Allows data to be written to SMRAM, which can lead to malicious firmware modification.<\/li>\n<li data-xf-list-type=\"ul\"><b>CVE-2025-7028<\/b>: A flaw in the SmiFlash handler that allows an attacker to read\/write SMRAM in order to install a bootkit.<\/li>\n<li data-xf-list-type=\"ul\"><b>CVE-2025-7029<\/b>: A flaw in the OverClockSmiHandler handler that allows privilege escalation in SMM.<\/li>\n<\/ul>\n<h3>Wide-ranging impact, not limited to Gigabyte<\/h3>\n<p>According to the report, more than 240 Gigabyte motherboard models were initially confirmed as affected. However, according to an update on July 14, these vulnerabilities in fact also affect more than 100 motherboard lines from many other manufacturers, not only Gigabyte, because they use the same firmware from American Megatrends Inc. 
(AMI).<\/p>\n<p>Notably, AMI quietly released patches under NDA, but many Gigabyte firmware builds still have not integrated these fixes.<\/p>\n<h3>Gigabyte responds but has not fully resolved the issue<\/h3>\n<p>After the information was publicly disclosed, Gigabyte published a security bulletin on July 15, but it addresses only 3 of the 4 vulnerabilities Binarly discovered. One vulnerability has still not been disclosed or has not been patched, raising concerns about the risk of a latent backdoor remaining in devices.<\/p>\n<p>In addition, most of the affected boards have reached end of life (EOL), so the chance of receiving an official patch from the manufacturer is close to zero.<\/p>\n<p>Given this situation, users, especially organizations operating in critical-infrastructure environments, should:<\/p>\n<ul>\n<li data-xf-list-type=\"ul\">Proactively check the model of the motherboard in use<\/li>\n<li data-xf-list-type=\"ul\">Monitor firmware updates from Gigabyte and the relevant OEMs<\/li>\n<\/ul>\n<p>This incident once again shows the latent risk in UEFI firmware, which has the deepest access 
on the device yet is often overlooked in security work. With the ability to bypass even Secure Boot and persist long term, UEFI malware such as bootkits is becoming a real threat to both individual users and enterprise systems. Updating firmware and performing periodic checks are essential steps to protect devices against low-level attacks like these.<\/p>\n<div style=\"text-align: right\"><b><i>Source: Bleeping Computer<\/i><\/b><\/div>\n<div style=\"text-align: right;margin-top: 16px\"><i>Source: <a href=\"https:\/\/whitehat.vn\/threads\/hang-loat-bo-mach-chu-gigabyte-dinh-lo-hong-hacker-co-the-cai-bootkit-vinh-vien.18566\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/whitehat.vn\/threads\/hang-loat-bo-mach-chu-gigabyte-dinh-lo-hong-hacker-co-the-cai-bootkit-vinh-vien.18566\/<\/a><\/i><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Security researchers have discovered multiple serious vulnerabilities in the UEFI firmware of numerous Gigabyte motherboards that could allow attackers to install bootkit malware that bypasses Secure Boot, runs below the operating system and persists permanently 
[&hellip;]<\/p>\n","protected":false},"author":46,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-10495","post","type-post","status-publish","format-standard","hentry","category-tin-tuc-cua-vien"],"_links":{"self":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10495","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/users\/46"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/comments?post=10495"}],"version-history":[{"count":0,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10495\/revisions"}],"wp:attachment":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/media?parent=10495"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/categories?post=10495"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/tags?post=10495"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}