Not sure why it would be linked to BIOS firmware or Intel Management Engine, but anyway, since I have 50+ workstations, this problem is starting to piss me off...
Using DNS logging I have identified the so-called culprits (which keep changing: a few devices today, other ones tomorrow, some of them keep repeating, etc.) and thoroughly scanned the clients on multiple occasions with no results.
It even detects IPs that belong to mobile phones and network printers.
As I previously said, the firewall either flags normal internet browsing when it detects certain ads and such (some of them probably legitimately malicious, even though blocked), or it detects the activity of remote desktop software such as TeamViewer and AnyDesk, which are frequently used on my network and are initiated by me. I also use RDP to connect to the server itself.
It could be the latter, since the description of the "malware" is specifically about C&C; I really don't know what to make of it...
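Added example, not part of the post above: one way to check the "it's just TeamViewer/AnyDesk" theory is to line up each firewall C&C alert with what the same client resolved via DNS in the minutes before it. The script below does that over constructed sample lines; the alert and DNS log formats, IPs and hostnames are made up for the example (no real firewall's syntax), and the TeamViewer/AnyDesk domain list is an assumption you would replace with whatever your own DNS logs show those tools using.

```python
"""Correlate firewall C&C alerts with DNS queries from the same client.

Log formats, addresses and hostnames are constructed for this example; the
remote-access domain list is an assumption, not a product-verified list.
"""
import re
from datetime import datetime, timedelta

TS_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample firewall alerts (hypothetical format).
FIREWALL_ALERTS = """\
2024-05-06 09:12:31 src=192.168.1.57 dst=203.0.113.10 sig=Possible C&C traffic
2024-05-06 10:40:02 src=192.168.1.120 dst=198.51.100.7 sig=Possible C&C traffic
"""

# Constructed sample DNS query log (hypothetical format).
DNS_LOG = """\
2024-05-06 09:05:00 client=192.168.1.57 qname=www.example.com
2024-05-06 09:12:28 client=192.168.1.57 qname=router1.teamviewer.com
2024-05-06 10:39:50 client=192.168.1.120 qname=ads.example.net
2024-05-06 10:45:00 client=192.168.1.120 qname=anydesk.com
"""

# Assumed domains of the remote-desktop tools in legitimate use on the network.
REMOTE_ACCESS_DOMAINS = ("teamviewer.com", "anydesk.com")

ALERT_RE = re.compile(r"^(?P<ts>\S+ \S+) src=(?P<src>\S+) dst=(?P<dst>\S+) sig=(?P<sig>.+)$")
DNS_RE = re.compile(r"^(?P<ts>\S+ \S+) client=(?P<client>\S+) qname=(?P<qname>\S+)$")


def parse_alerts(text):
    """Parse alert lines into dicts with a datetime timestamp; skip unparseable lines."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            alerts.append({"ts": datetime.strptime(m["ts"], TS_FMT),
                           "src": m["src"], "dst": m["dst"], "sig": m["sig"]})
    return alerts


def parse_dns(text):
    """Parse DNS query lines into dicts with a datetime timestamp."""
    queries = []
    for line in text.splitlines():
        m = DNS_RE.match(line)
        if m:
            queries.append({"ts": datetime.strptime(m["ts"], TS_FMT),
                            "client": m["client"], "qname": m["qname"]})
    return queries


def is_remote_access(qname):
    """True if qname is one of the assumed remote-access domains or a subdomain of one.
    Suffix matching on the label boundary avoids false hits like notteamviewer.com."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in REMOTE_ACCESS_DOMAINS)


def correlate(alerts, queries, window=timedelta(minutes=5)):
    """For each alert, collect the names the source client resolved within
    `window` before the alert and give a verdict based on them."""
    results = []
    for a in alerts:
        names = [q["qname"] for q in queries
                 if q["client"] == a["src"] and a["ts"] - window <= q["ts"] <= a["ts"]]
        verdict = "remote-access" if any(is_remote_access(n) for n in names) else "needs review"
        results.append({"src": a["src"], "dst": a["dst"], "queries": names, "verdict": verdict})
    return results


def run():
    """Correlate the constructed sample data."""
    return correlate(parse_alerts(FIREWALL_ALERTS), parse_dns(DNS_LOG))


if __name__ == "__main__":
    for r in run():
        print(f"{r['src']} -> {r['dst']}: {r['verdict']} (recent queries: {', '.join(r['queries']) or 'none'})")
```

In the sample data the first alert lines up with a TeamViewer lookup and the second does not, which is the kind of split that tells you which alerts to spend time on. A recent lookup of a remote-access domain is only circumstantial, though: to close the loop you would also check that the alert's destination IP is one the resolved name actually pointed to (the A record answer, which this sample log does not carry).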