data breach

LAPSUS$, the hackers group responsible for the recent Nvidia data breach, claims to have hacked Samsung and stolen nearly 200GB of sensitive data.

The 190GB trove of exposed files includes source code for Samsung’s activation servers, bootloaders and biometric unlock algorithms for all recently released Samsung devices, and trusted applets for Samsung’s TrustZone environment. The leaked data is also thought to include Qualcomm’s confidential source code.

Members of the LAPSUS$ hackers group have claimed responsibility for the data breach, posting details of the data obtained in a Telegram channel and encouraging other members to “enjoy” the contents made available for Torrent download.

According to the message, the hackers also got “a variety of other data,” but the elements listed could put Samsung device users in immediate danger of being hacked or impersonated by cybercriminals.

Because the trusted applets (TA) source codes obtained by LAPSUS$ are installed in Samsung’s Trusted Execution Environment (TEE) known as TrustZone, the hackers – and anyone who has downloaded the Torrent files – may be able to bypass Samsung’s hardware cryptography, binary encryption, and access control.

The total size of the leaked data is around 190GB, which LAPSUS$ divided into three compressed files, and the torrent has already been downloaded and shared by over 400 peers.

According to a Samsung spokesperson, the company “immediately after discovering the incident” took steps to strengthen its security system.

“According to our preliminary findings, the breach involves some source code related to Galaxy device operation, but no personal information about our customers or employees. At this time, we do not expect any impact on our business or customers. We’ve put safeguards in place to prevent future incidents, and we’ll continue to serve our customers as usual “, they had informed.

Source: www.itpro.co.uk

Qualcomm has yet to respond, and it’s unclear whether the hacking group had any demands for Samsung before leaking the private information.

Researchers discovered “severe” security flaws in a long line of Samsung flagship smartphones just weeks ago, which if exploited could allow attackers to steal cryptographic keys.

It also comes just five days after Nvidia confirmed that on February 26th, the LAPSUS$ hacking group successfully breached its systems and distributed 1TB of confidential company data, including security credentials for 71,000 former and current Nvidia employees.

The data was obtained through a double extortion scheme that entailed compromising a victim and stealing data before encrypting their machine, as well as threatening to leak the stolen data if the ransom is not paid. In the last year, the number of double extortion cases has increased, with one in every seven cases resulting in the loss of sensitive information.

It is worth noting that LAPSUS$’ attacks coincide with a spike in cyber warfare due to Russia’s invasion of Ukraine, yet the hacking group maintains that its actions are not politically motivated.

According to Matt Aldridge, principal solutions analyst at Carbonite and Webroot, “these gangs continue to be more inventive with the types of data and businesses they target,” similar to “most modern cyber attacks.”

“Given the high-profile nature of the victim, the hackers may have posted a message releasing Samsung’s data along with a snapshot of its source code in order to gain additional leverage in the event of a ransom demand. However, because the data breach has already occurred and the data has been exfiltrated, no ransom payment can ensure that all copies of the data are securely destroyed “, he said.

Team YTS