In a nutshell: It appears that the South American group behind the Nvidia and Samsung hacks could have been responsible for another attack, and the victim didn't even know about it. Vodafone is investigating claims by Lapsus$ that it stole source code from the telecoms giant, and it could be about to dump 200GB of the pilfered data.
Lapsus$ posted a poll on its Telegram channel earlier this week asking, "What should we leak next?" There are three options: Vodafone, Impresa, and MercadoLibre/MercadoPago.
CNBC reports that 56% of the vote had been to dump 200GB of Vodafone source code. The poll ends on March 13, so it looks as if the UK firm will be chosen.
A spokesperson told CNBC: "We are investigating the claim together with law enforcement, and at this point we cannot comment on the credibility of the claim. However, what we can say is that generally the types of repositories referenced in the claim contain proprietary source code and do not contain customer data."
Argentinian eCommerce company MercadoLibre/MercadoPago and Portuguese media conglomerate Impresa, which suffered a data breach late last year, didn't respond to requests for comment.
Lapsus$ has been on the rampage over the last few weeks. It recently leaked 1TB of stolen data from Nvidia that exposed over 70,000 employee account login credentials. The group also claims to have used the stolen info to create a tool that can bypass Nvidia's Lite Hash Rate limiter without flashing or updating the firmware on a graphics card. It had been offering the tool to potential buyers for $1 million.
LAPSUS$ extortion group have successfully breached both NVIDIA & Samsung.--- vx-underground (@vxunderground) March 4, 2022
-March 1st: They demand NVIDIA open-source its drivers, or else they will
-March 4th: LAPSUS$ released Samsung proprietary source code.
See attached images for more details directly from LAPSUS$ pic.twitter.com/U3VD7R2KRl
The hackers then claimed an attack that leaked 190GB of confidential information from Samsung, including encryption data and source code for the company's most recent devices. The leak also purportedly contained algorithms for biometric unlock operations and source code for Samsung Accounts, a login service associated with Samsung's mobile devices.
Image credit: B_A