The increasingly-notorious cybercrime group Lapsus$ has published a huge database, allegedly containing sensitive information from Samsung.
The leak, containing 190GB of data broken into three separate databases, was released via torrent.
Lapsus$ says the databases contain the source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations; algorithms for all biometric unlock operations; bootloader source code for all recent Samsung devices; confidential source code from Qualcomm; source code for Samsung’s activation servers; full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services.
No confirmation, no ransom demands
The authenticity of the information has not been confirmed and Samsung has been silent on the matter.
Still, should these files turn out to be authentic, it would mean that the company has suffered a breach of epic proportions, with potentially huge repercussions.
The torrent containing these files has already been downloaded by at least 400 peers, BleepingComputer reports, while Lapsus$ says it will be deploying more servers to increase the download speed.
Samsung has also been asked to confirm if the threat actor demanded any ransom in exchange for keeping the data private.
Lapsus$ has been quite active recently, claiming responsibility for a major recent attack against Nvidia, where it claims it stole a terabyte of sensitive data.
Among the data were login credentials, and other identity-related information, on more than 70,000 Nvidia employees. Furthermore, the group alleged it stole intel that helped it create a tool that removes the hash rate blocker on the company’s latest GPU devices.
Nvidia has placed a limiter on its RTX 3000 GPU, to discourage Ethereum miners from gobbling up the entire supply. The tool was up for sale for $1 million, but whether or not it works as intended, or if it’s just another virus, is anyone’s guess.
- Here's our rundown of the best firewalls available today
