What just happened? Lapsus$, a hacking group that leaked confidential information from Nvidia just last week, has reportedly moved to a new target: Samsung. The hackers have claimed an attack that leaked 190GB of confidential information from the South Korean technology giant, including encryption data and source code for Samsung’s most recent devices.
The hackers behind the Nvidia security breach are setting their sights on the biggest tech companies in the world. Last week, South American hacker group Lapsus$ claimed to have perpetrated a major hacking attack on Nvidia, stealing over 1TB of information and holding it ransom. The Telegraph reported that Nvidia’s internal systems were “completely compromised.”
On Saturday, the hackers leaked nearly 190GB of data from Samsung, subsequently publishing the files through torrent. This reportedly includes sensitive information that may be used to compromise Samsung devices.
The publication vx-underground, which tracks information about malware across the web, tweeted a message that Lapsus$ released to their followers. It alleges that the hack includes “source code from every Trusted Applet installed on all Samsung devices” and “confidential source code from Qualcomm.”
LAPSUS$ extortion group have successfully breached both NVIDIA & Samsung.
-March 1st: They demand NVIDIA open-source its drivers, or else they will
-March 4th: LAPSUS$ released Samsung proprietary source code.See attached images for more details directly from LAPSUS$ pic.twitter.com/U3VD7R2KRl
— vx-underground (@vxunderground) March 4, 2022
The leak also purportedly includes the algorithms for biometric unlock operations and the source code for Samsung Accounts, a login service associated with Samsung’s mobile devices.
According to Bleeping Computer, the torrent has been shared by more than 400 peers, and includes a text file that describes the content available in the download:
- “Part 1 contains a dump of source code and related data about Security/Defense/Knox/Bootloader/TrustedApps and various other items
- Part 2 contains a dump of source code and related data about device security and encryption
- Part 3 contains various repositories from Samsung Github: mobile defense engineering, Samsung account backend, Samsung pass backend/frontend, and SES (Bixby, Smartthings, store)”
The Nvidia hack was reported to be a ransom plot, with the hackers threatening to leak Nvidia’s mining limiter bypass algorithm. Lapsus$ claimed that Nvidia hacked them back but maintained that they still had a copy of Nvidia’s confidential data.
Currently, there is no information about an extortion plot associated with the Samsung incident, with all files in the hack being released simultaneously. It is unknown if Lapsus$ has attempted to extort Samsung for a ransom.
Samsung has yet to respond to the security breach.