HP iLO devices loaded with data wiping malware


Iranian cybersecurity firm Amnpardaz has released a security report stating that HP iLO devices were loaded with data-wiping malware dubbed iLOBleed. Technically speaking, it is a rootkit loaded into the firmware running on the remote server management processors known as Integrated Lights-Out (iLO).

HP iLO is used on blade servers and ProLiant servers to help administrators perform remote operations such as maintenance, software upgrades, security updates and reinstallation of faulty systems, even when the servers are switched off. It comes as a kit with a processor unit, some storage space and RAM, along with a network card, all running operating system software.

According to an update released by Amnpardaz, iLOBleed has been targeting iLO hardware devices since 2020 and is able to hide from detection.

After learning about the exploit, Hewlett Packard changed the UI of iLO to mitigate the existing cyber threat and neutralize the data-wiping ability of the newly discovered rootkit.

Currently, those behind the rootkit attack are unknown. However, researchers from Amnpardaz state that the attack requires a level of technical expertise that only a few hackers in the world possess. Since most such hackers work for state-funded organizations, the HP iLO rootkit malware can be attributed to an APT.

Note: some features of iLO are resetting servers, powering up servers and workstations, customizing the remote system console, access to server integrated management logs, 2-FA and remote syslogs.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
