Supermicro server motherboards can be infected with unremovable malware

Supermicro server motherboards have high-severity vulnerabilities that allow hackers to remotely install undetectable and unremovable malware in the firmware. One vulnerability stems from an incomplete patch released by Supermicro in January, leading to the discovery of a second critical vulnerability by security firm Binarly. These flaws enable attackers to implant firmware similar to ILObleed, which infected HP Enterprise servers in 2021 with data-wiping capabilities that persist even after common disinfection measures. The malware can reactivate the attack despite OS reinstalls or hard drive replacements.