Threat actor uses HP iLO rootkit to wipe servers

Correlate

An Iranian cyber-security firm said it discovered a first-of-its-kind rootkit that hides inside the firmware of HP iLO devices and which has been used in real-world attacks to wipe servers of Iranian organizations.

Named iLOBleed, the rootkit was discovered by Tehran-based security firm Amnpardaz and detailed in a report released on Tuesday.

According to the company, iLOBleed targets HP iLO (Integrated Lights-Out), a hardware device that can be added to servers or workstations as an add-on board.