Posted on March 7, 2022 at 11:55 AM
The Lapsus$ hacking group that recently attacked global chipmaker NVIDIA has been linked to a cyberattack on another global firm, South Korean electronics giant Samsung. According to a recent report, the extortion gang initially posted a screenshot of code from Samsung before explaining what they had stolen from the company’s servers.
Based on the details the gang provides, it seems the vital information stolen includes the source code for the bootloader for newer Samsung products as well as the algorithms for all biometric unlocking operations. Additionally, the stolen file contains the source code for the process of authorizing and authenticating Samsung accounts.
Nearly 190 GB Of Data Distributed Online
The stolen files are surely very critical to the operations of the electronics giant, which makes it a very bad breach if all of the group’s claims are true.
Lapsus$ said the data has been loaded and compressed into several files totaling close to 190 GB. However, unlike the hacking incident with Nvidia, the latest attack is not a ransom case, since the threat actors have not made any form of demand from Samsung.
The details have been exposed on the darknet as well. More than 400 users on the hacking forum have already shared the information among themselves. The hackers have even promised to boost download speed to enable users to share the files faster.
For a global electronics manufacturer, any negative incident at the company can have a heavy impact. The latest development will surely be a blow to Samsung, which has invested quite a lot to protect its servers from online criminals. It’s not clear to what extent the hacking incident will affect the company, but it will certainly require more investment to better protect its servers. For a global brand, an incident like this can lead to loss of brand image and reputation, not to mention the financial implications.
According to the report by Nasdaq, the breach at Nvidia impacted the company heavily, with its stock also closing lower than the rest of the market on Friday. The real dollar damage to Samsung may be known when the stock market opens on Monday.
The Data Contains Samsung Source Code And Account Backend
Based on the data shared by the hackers in the Samsung hack, the screenshots revealed C/C++ code from Samsung software open in an editor. The leaked contents have been shared over the BitTorrent protocol, a very popular channel for data dumps.
The leak consists of three archives. The first contains various repositories from Samsung’s GitHub: Samsung Pass backend/frontend, Samsung account backend, and mobile defense engineering. The second archive contains a dump of source code and other data about device encryption and security. The third contains a dump of source code and other data about Security/Defense/Knox/Bootloader/TrustedApps.
The Lapsus$ hack on Nvidia servers last week has been well documented. After the hacking incident, the group threatened to release Nvidia’s LHR code if the chipmaker did not meet its demands. The group claimed to have over 1TB of data they gathered from Nvidia’s server.
The next day Nvidia released a statement about the hacking incident while Lapsus$ was making financial demands, asking for a payoff to keep Nvidia’s stolen data under wraps.
Lapsus$ had placed a ransom of $1 million to keep the LHR bypass code secret. And yesterday, the hackers released the credentials of about 71,000 employees of the company. It was probably another warning that they are ready to carry out their threat if Nvidia did not respond to their demands.
Global Firms Have Been Tasked On Cyber Security
There is no evidence that Nvidia or Samsung will meet the hackers’ demands, although it appears Samsung’s case is different. The attackers did not make any demand for a payoff from the electronics giant. However, Samsung may have been contacted in the past for a ransom payment and refused to pay.
That is probably why the data has been exposed to the public. Following the recent cyber threats against these global companies, other firms have been put on red alert to beef up their security systems. Global firms have been advised to spend more time and resources to protect their systems and keep them from the prying eyes of threat actors. Security researchers have also advised organizations to be very cautious, as threat activity could likely increase due to the ongoing political conflict between Russia and Ukraine.