Hackers Reportedly Leak 190GB of Samsung Data, Source Code
Lapsus$ makes claim just a day after leaking Nvidia credentials
Prajeet Nair (@prajeetspeaks) • March 5, 2022
Just a day after leaking the credentials of 71,000 Nvidia employees, the Lapsus$ ransomware gang has now leaked a huge collection of confidential data it claims is from Samsung Electronics, the South Korean consumer electronics giant.
Information Security Media Group was able to verify that the alleged leak was posted by the Lapsus$ gang on its official Telegram channel, which had 13,724 subscribers at the time of writing (March 5).
The gang released a 190 GB torrent file of Samsung data.
The LAPSUS$ extortion group managed to breach NVIDIA and Samsung.
-March 1: they ask NVIDIA to open their drivers, otherwise they will
-March 4: LAPSUS$ released Samsung’s proprietary source code.
See attached images for details straight from LAPSUS$ pic.twitter.com/U3VD7R2KRl
— vx-underground (@vxunderground) March 4, 2022
A Samsung spokesperson was not immediately available for comment.
The group posted a teaser on its Telegram channel before releasing the data, saying, “Get ready, Samsung data is coming today.” The gang then released what it says is confidential Samsung source code as a compressed archive, distributed by torrent and split into three parts, totaling nearly 190 GB of data.
Lapsus$ has published a description of the leak, which it says includes the source code of each trusted applet installed in the TrustZone of all Samsung devices, with specific code for each type of TEE operating system (QSEE, TEEGris, etc.). Trusted applets are used for sensitive operations such as full access control and encryption. The group says the leak also includes DRM and Keymaster/Gatekeeper modules.
The description also lists algorithms for all biometric unlock operations, including: “Source code that communicates directly with the sensor (down to the lowest level), here we are talking about individual RX/TX bit streams and bootloader source code for all recent Samsung devices, including Knox data and code for authentication,” the gang says.
The gang also claims to have various other data, including Qualcomm’s confidential source code. However, it’s not yet clear whether Lapsus$ attempted to ransom Samsung, as it did in its previous campaign with Nvidia.
The group also states that it is offering the source code of Samsung's activation servers for first-time setup and the full source code of Samsung accounts, which includes authentication, identity, API, services and many more.
Lapsus$ growing attack surface
The Lapsus$ group first came to public attention in December 2021 following a ransomware attack on websites belonging to the Brazilian Ministry of Health. The group claimed to have stolen and then deleted approximately 50TB of data from ministry systems.
Earlier, chipmaker Nvidia reportedly suffered a massive outage after a Lapsus$-claimed security incident affected the company’s developer tools and messaging systems (see: Chipmaker Nvidia is investigating a potential cyberattack).
The threat actor shared a download link on its Telegram channel to an 18GB data dump which it claims contains 1TB of stolen confidential data.
Nvidia released a report acknowledging that a threat actor stole employee passwords and undisclosed Nvidia proprietary information from its systems. This data, it added, was leaked online.
“On February 23, 2022, Nvidia became aware of a cybersecurity incident, which impacted computing resources. Shortly after discovering the incident, we further strengthened our network, hired experts in response to cybersecurity incidents and notified law enforcement,” the company said in its report.
The Lapsus$ ransomware group then released some of the highly confidential stolen data, including source code, GPU drivers and documentation for Nvidia’s fast logic controller product, also known as Falcon and Lite Hash Rate, or LHR, GPU (see: How the Lapsus$ Data Leak May Affect Nvidia and Its Customers).
On Wednesday, the hacking group demanded $1 million and an unspecified percentage fee from Nvidia for the Lite Hash Rate bypass. Nvidia’s LHR reduces Ethereum cryptomining capability by 50% without compromising gaming performance, but this bypass fully restores Ethereum mining performance.