Samsung confirms cyberattack, says internal data leaked


Samsung has confirmed it has been hit by a data breach, but said no employee or customer data was impacted.

The Lapsus$ cybercrime gang recently published a 190GB data dump of intel allegedly belonging to the company, which included a host of confidential and valuable technical data.

Having initially stayed silent following Lapsus$'s declaration, Samsung has now confirmed the breach did take place, but refused to go into much detail about exactly what information was affected.


Samsung security breach

“There was a security breach relating to certain internal company data,” Samsung said in a statement. 

“According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”

Samsung added that it doesn’t expect its operations to be too disrupted by the incident.

Among the data Lapsus$ claimed to have taken is the source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations; algorithms for all biometric unlock operations; bootloader source code for all recent Samsung devices; confidential source code from Qualcomm; source code for Samsung’s activation servers; full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services.

It's also not known if Lapsus$ made any ransom demands for the data. 

The torrent containing these files has already been downloaded by at least 400 peers, while Lapsus$ says it will be deploying more servers to increase the download speed. 

The threat actor is quickly making a name for itself after it stole a terabyte of sensitive data from Nvidia, and is allegedly currently negotiating with a potential buyer. 

Among the data stolen from the GPU giant were login credentials, and other identity-related information, on more than 70,000 Nvidia employees. Furthermore, the group alleged it stole intel that helped it create a tool that removes the hash rate blocker on the company’s latest GPU devices.

Nvidia has placed a limiter on its RTX 3000 GPU, to discourage Ethereum miners from gobbling up the entire supply. The tool was up for sale for $1 million, but whether or not it works as intended, or if it’s just another virus, is anyone’s guess.

Via: BleepingComputer

Sead Fadilpašić
