Nvidia hackers leak 190GB of sensitive data from Samsung

vannvicente

Posts: 12   +0
What just happened? Lapsus$, a hacking group that leaked confidential information from Nvidia just last week, has reportedly moved to a new target: Samsung. The hackers have claimed an attack that leaked 190GB of confidential information from the South Korean technology giant, including encryption data and source code for Samsung's most recent devices.

The hackers behind the Nvidia security breach are setting their sights on the biggest tech companies in the world. Last week, South American hacker group Lapsus$ claimed to have perpetrated a major hacking attack on Nvidia, stealing over 1TB of information and holding it ransom. The Telegraph reported that Nvidia's internal systems were "completely compromised."

On Saturday, the hackers leaked nearly 190GB of data from Samsung, subsequently publishing the files through torrent. This reportedly includes sensitive information that may be used to compromise Samsung devices.

The publication vx-underground, which tracks information about malware across the web, tweeted a message that Lapsus$ released to their followers. It alleges that the hack includes "source code from every Trusted Applet installed on all Samsung devices" and "confidential source code from Qualcomm."

The leak also purportedly includes the algorithms for biometric unlock operations and the source code for Samsung Accounts, a login service associated with Samsung's mobile devices.

According to Bleeping Computer, the torrent has been shared by more than 400 peers, and includes a text file that describes the content available in the download:

  • "Part 1 contains a dump of source code and related data about Security/Defense/Knox/Bootloader/TrustedApps and various other items
  • Part 2 contains a dump of source code and related data about device security and encryption
  • Part 3 contains various repositories from Samsung Github: mobile defense engineering, Samsung account backend, Samsung pass backend/frontend, and SES (Bixby, Smartthings, store)"

The Nvidia hack was reported to be a ransom plot, with the hackers threatening to leak Nvidia's mining limiter bypass algorithm. Lapsus$ claimed that Nvidia hacked them back but maintained that they still had a copy of Nvidia's confidential data.

Currently, there is no information about an extortion plot associated with the Samsung incident, with all files in the hack being released simultaneously. It is unknown if Lapsus$ has attempted to extort Samsung for a ransom.

Samsung has yet to respond to the security breach.

Permalink to story.

 
If a private hacking group can access source code this easily, we must assume that state actors such as Beijing and the Kremlin, etc. already have silently pilfered it, from dozens of companies. And thence the exploits and zero-days that Western white-hat folk uncover represent the only tip of the iceberg of what said malefactors have already devised and made use of long before those revelations, and far into the future.

Let's use our devices under the pro-active assumption that they are inherently both compromisable and compromised.
 

madboyv1

Posts: 1,805   +729
Dear hackers. Please rather spend your effort on higher purpose - like doing something to dethrone Putin & his cronies and the Chinese government. Both are oppressive regimes that deny citizens of their rights.
But there's nothing in it for them (money or resources), so why would they? The vast majority of publicized hacking incidents in the last 5 years have been ransom attacks, holding infrastructure and/or data hostage for money. I also would not be surprised in the least if most of the more publicly known groups are in truth leashed by the states you'd like them to go after.