Hacking group LAPSUS$ claims to have accessed Samsung confidential data
Extortion group released a teaser with the first information exfiltrated from Samsung servers.
The same hacking group that managed to infiltrate NVIDIA servers 2 weeks ago has now begun leaking Samsung confidential data. The group managed to obtain as much as 1 TB of data from NVIDIA servers and has already released the source code for DLSS technology. After a failed ransom attempt and a lack of cooperation from NVIDIA, the group is now trying to sell the stolen information to third parties, including a bypass for the cryptocurrency mining hash rate limiter.
The group does not say which Samsung servers it targeted specifically, but it does describe the data that was stolen from them.
LAPSUS$ on Samsung hack, Source: @vxunderground
After publishing a teaser LAPSUS$ provided the following description of the stolen data:
- source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control)
- algorithms for all biometric unlock operations
- bootloader source code for all recent Samsung devices
- confidential source code from Qualcomm
- source code for Samsung’s activation servers
- full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services
Should this claim turn out to be true, Samsung has suffered a major data breach that may have serious security consequences for both the company and its partners (such as Qualcomm).
LAPSUS$ extortion group have successfully breached both NVIDIA & Samsung.
-March 1st: They demand NVIDIA open-source its drivers, or else they will
-March 4th: LAPSUS$ released Samsung proprietary source code. See attached images for more details directly from LAPSUS$ pic.twitter.com/U3VD7R2KRl
— vx-underground (@vxunderground) March 4, 2022
LAPSUS$ makes no mention of a ransom or of having engaged with Samsung in any type of communication, so it appears that Samsung either failed to meet the demands of the extortion group or declined to comply with the terms.
Many thanks to TerpMike28 for the tip!