Hackers managed to steal several gigabytes’ worth of internal company data from Samsung, the South Korean corporation confirmed on Monday.
Over the weekend, the Lapsus$ hacking group shared a note revealing the contents of their hack. The screenshots suggest that the group was able to obtain around 190GB of data. The data includes the source code for Galaxy devices, algorithms for its biometric authentication, repositories from Samsung’s GitHub, and much more. The hackers then packaged all of the stolen material into a torrent file that is currently making the rounds.
Samsung hackers steal Galaxy source code
This is unquestionably a major incident that could cause rather significant problems for the company going forward. The silver lining, if there is one, is that the hackers were not able to steal any personal data from Samsung customers. Additionally, Samsung says that it has put new measures in place to prevent any further breaches.
Samsung shared the following statement with Bloomberg regarding the hack:
There was a security breach relating to certain internal company data. According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.
Lapsus$ is making a name for itself
Notably, this is the second major breach by the hacking group Lapsus$ in the past week. Just days ago, Nvidia announced that it was “aware of a cybersecurity incident which impacted IT resources.” Lapsus$ claimed responsibility for the data breach immediately. Then the group began leaking the credentials of Nvidia employees online.
According to Have I Been Pwned, the group leaked “over 70k employee email addresses and NTLM password hashes, many of which were subsequently cracked and circulated within the hacking community.” The breach occurred on February 23rd, 2022.
Tom’s Hardware reports that Nvidia has over 20,000 employees worldwide. This would suggest that the data breach could have included former employees as well as current employees. Beyond the employee credentials, Lapsus$ also got its hands on two code signing certificates. Both are expired, but can still be used for driver signing purposes:
As part of the #NvidiaLeaks, two code signing certificates have been compromised. Although they have expired, Windows still allows them to be used for driver signing purposes. See the talk I gave at BH/DC for more context on leaked certificates: https://t.co/UWu3AzHc66 pic.twitter.com/gCrol0BxHd
— Bill Demirkapi (@BillDemirkapi) March 3, 2022
In the case of the Nvidia hack, Lapsus$ attempted to blackmail the company. The group’s demands were for Nvidia to make all current and future GPU drivers open source by Friday, March 4th. If the company did not comply, the group would “release the complete silicon, graphics and computer chipset files for all recent Nvidia GPUs.”
As of Monday morning, it doesn’t appear that Lapsus$ has made any similar demands regarding Samsung’s data. Lapsus$ maintains a public Telegram group where it shares updates about its exploits. If any developments occur with either the Samsung or the Nvidia hack, it’s more than likely that the hackers will share details within that group.