Samsung Electronics fell victim to a cyberattack by a hacking group, resulting in a massive data leak. On Monday, the company confirmed the news, saying that the threat actors stole source code necessary to run Galaxy phones. However, the personal information of customers and employees remained intact, and there will be no impact on business operations, it added.
Although Samsung did not name the perpetrators, the South American ransomware gang Lapsus$ claimed responsibility for the attack. On Saturday, the group said they stole 190GB of confidential Samsung data, then released the information via torrent.
Samsung Latest Lapsus$ Victim
On its internal forum, South Korean tech giant Samsung Electronics revealed that it suffered a cyberattack. It led to a significant breach, with hackers stealing 190GB of confidential data, including source code that operates Galaxy devices. However, the company said that no customer or employee information was exposed, with business operations to continue as usual.
“According to our initial analysis, the breach involves some source codes relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees.” (Samsung Electronics)
The tech firm also strengthened its security system and implemented measures to prevent similar incidents. Although it did not specify who was responsible, all evidence suggests it was Lapsus$.
There were rumors about a potential hack over the weekend when the cybercrime group claimed it had infiltrated Samsung servers. They posted a note online saying they would leak the data, along with a snapshot of C/C++ directives in Samsung software. Bleeping Computer got a screenshot of the posts.
Shortly after, the hackers published a description of the information, saying it contains “confidential source code.” According to Bleeping Computer, the details are as follows:
- Source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g., hardware cryptography, binary encryption, access control)
- Algorithms for all biometric unlock operations
- Bootloader source code for all recent Samsung devices
- Confidential source code from Qualcomm
- Source code for Samsung’s activation servers
- Full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services
Lapsus$ put the 190GB of stolen data into three files and shared them via torrent. Over 400 peers downloaded the P2P file, with the hacking group saying it would add servers to improve download speeds.
Previous Lapsus$ Victims
Last month, the South American cyber gang stole and leaked 1TB of data, including employee information, from chip-maker NVIDIA. The hackers also claimed that, after the data theft, the GPU giant put ransomware on their system. “However, we have a backup, and it’s safe from scum! We are not hacked by competitors’ groups or any sort,” a Lapsus$ member added.
The attack shut down some of NVIDIA’s systems for two days and was in response to the introduction of LHR, which limits a GPU’s capacity for mining cryptocurrencies. Lapsus$ wanted the feature removed. They also demanded a ransom in return for the credentials of over 70,000 employees and proprietary source code.
It is unclear whether Samsung received such ransom demands.