After NVIDIA, it’s the Korean electronics titan’s turn to be targeted by the Lapsus$ hacker group.
The Lapsus$ group, which recently distinguished itself with a major attack on the GPU giant Nvidia (see our article), has done it again. According to Bleeping Computer, this group, which specializes in data extortion, has struck once more, this time attacking Samsung, the Korean electronics titan.
The procedure seems relatively similar. The hackers found a way to break into a sensitive corporate server and then made off with a massive amount of sensitive data; as in the case of Nvidia, they then made all of this public and advertised their wrongdoing by posting a screenshot of a Visual Studio Code IDE window showing their loot.
At present, Samsung has not issued an official statement on the matter. It began by acknowledging the situation in a (very) short statement to the Korean Herald; the brand soberly announced that it is “studying the situation”. It did not, however, confirm whether the hackers had issued a ransom demand; as a reminder, this is how they proceeded during the attack on Nvidia. If we rely on the precedent set at that time, there is a good chance that the end result will be the same.
Particularly sensitive code held hostage
Indeed, Lapsus$ announced that it had recovered certain “confidential source code elements” that are, by definition, very sensitive. These could therefore constitute an important means of pressure. The loot would include:
- Source code related to encryption operations and other critical security elements
- Algorithms related to biometric authentication
- Bootloader code (a particularly critical piece of code that briefly allows application updates to be deployed)
- Confidential source code elements from Qualcomm
- Source code from Samsung activation servers
- Part of Samsung’s private GitHub, containing various critical items
- The complete source code of the technology used to authorize and authenticate Samsung accounts, including APIs and services
If these claims are true, then this is a major leak. Most of the items mentioned above could represent a real security problem; the brand therefore has an interest in reacting relatively quickly. We also imagine that its partner Qualcomm is probably not happy to see some of its confidential proprietary programs emerging in the open.
According to a second Lapsus$ screenshot relayed by Bleeping Computer, all these elements are gathered in an archive of approximately 190 GB divided into three parts. These three archives have already been put online by the group of hackers, probably pending the payment of a ransom.
Samsung, however, wanted to reassure its customers. The brand assured Bloomberg that the leak did not contain “any personal customer or employee information.” It also clarified that it did not “expect any business or customer impact”, and that it had “taken steps” to prevent further such incidents.