Iranian Cybersecurity firm Amnpardaz has released a security report stating that HP iLO devices were loaded with a data wiping malware dubbed iLOBleed. Technically speaking, it is actually a malicious software rootkit that is loaded onto the firmware operating on the remote server management processors dubbed Integrated Lights-out(iLO).
HP iLO are used on blade servers and Proliant servers to assist the admin in doing remote operations such as maintenance, software upgrade, security update and reinstalling of faulty systems even when the servers are switched off. They come as a kit with a processor unit, some storage space and RAM along with a network card functioning on an operating system software.
So, according to an update released by Amnpardaz, iLOBleed has been targeting the iLO hardware devices since 2020 and also has the ability to hide from being detected.
After learning about the exploit, Hewlett Packard changed the UI of iLO to mitigate the existing cyber threat and neutralize the data wiping ability of the newly discovered rootkit.