Samsung victim of a cyberattack

On March 4, 2022, Bleeping Computer revealed that the South American hacking group Lapsus$ had managed to get its hands on nearly 190 GB of confidential data. A few days later, Samsung Electronics confirmed to Bloomberg that it had been the victim of this cyberattack. The cybercriminals recently demanded a ransom from the South Korean group: if it is not paid, the data will be publicly disclosed.

Nearly 190 GB of stolen data, including a large amount of Samsung source code

“According to our initial analysis, the leak concerns part of the source code relating to our Galaxy smartphones, but does not include the personal information of our customers or our employees,” explained a spokesperson for the electronics giant. The company guarantees that no customer data was leaked as part of this cyberattack. The company also claims to have taken all necessary measures to prevent this type of event in the future. Korea’s National Intelligence Service (NIS) considers the leaked information not to be key industrial assets, and added that it is working closely with defense contractors and private companies to respond to cyberattacks.

The 190 GB of recovered data is said to include the source code of the application installed in the Samsung TrustZone environment. It is used in particular for all sensitive operations such as data encryption and smartphone access control. The source code for the bootloader of Galaxy smartphones, for the technology used to authenticate and authorize Samsung accounts, and for all biometric unlocking operations was also stolen.

Not the first cyberattack by Lapsus$

For the moment, Samsung's management has not given more details on the attack and has not confirmed having paid the ransom or having entered into negotiations with Lapsus$. This group of South American cybercriminals is clearly not on its first attempt: last February, the group had already claimed to have stolen 1 TB of data from the semiconductor giant Nvidia, while posting pictures of some of this data online.

In response, Nvidia confirmed last week that some employee credentials and proprietary information had been stolen, but also said it did not expect any disruption to its business. Lapsus$ then demanded a rather specific ransom: the group asked Nvidia to no longer restrict some of its graphics cards in order to promote cryptocurrency mining.
