Lapsus$, a cyber extortion gang that previously targeted Nvidia, has started bragging about a major Samsung data breach that is engineered. According to the hackers, they stole around 200GB of compressed material from Samsung servers, including secret documentation, code, and other proprietary data. Lapsus$ claims to have Knox authentication code, biometric unlock algorithms, bootloader code for all modern Samsung devices, Trusted Applet source code, code underlying online services and Samsung accounts, among other things.
If the reports are true, the acts of these South American hackers have resulted in a big and potentially highly devastating leak for Samsung. It’s tough to select the most critical data loss from the group’s alerts because they all sound so important to Samsung device security. Samsung Galaxy devices account for one out of every five smartphones sold worldwide, so the company will not be immune to the consequences of this attack; it has hundreds of millions of consumers to consider.
Bleeping Computer has analysed the extortion gang’s claims, published screenshots, and a downloadable file-set containing the disclosed data to assess the nature and contents of the Samsung hack. The screenshot shows some Samsung software C/C++ code open in an editor. The contents of the leak are accessible through BitTorrent. The stolen Samsung content was shared by about 400 people, making it a very popular piece of information.
Interestingly, Bleeping Computer downloaded the small ReadMe.txt from the torrent, and it explains the contents of the trio of 7Zip archives as follows:
- Archive part 1: contains a dump of source code and related data about Security/Defense/Knox/Bootloader/TrustedApps and various other items
- Archive part 2: contains a dump of source code and related data about device security and encryption
- Archive part 3: contains various repositories from Samsung Github: mobile defence engineering, Samsung account backend, Samsung pass backend/frontend, and SES (Bixby, Smartthings, Store)
also read:
Records of over 71,000 employees got leaked in the latest Nvidia Cyberattack
