Nvidia hackers leak 190GB of data allegedly stolen from Samsung

The LAPSUS$ hacking group claims to have breached the tech giant to steal internal data and source code

LAPSUS$, the hacking group responsible for the recent Nvidia hack, claim to have breached tech giant Samsung to steal almost 200GB of sensitive data. 

Among the 190GB trove of exposed files is source code for Samsung’s activation servers, bootloaders and biometric unlock algorithms for all recently released Samsung devices, and trusted applets for Samsung’s TrustZone environment. Confidential source code belonging to Qualcomm is also believed to be among the leaked data.

Members of the LAPSUS$ hacking group have claimed responsibility for the data breach, posting details of the obtained data in a Telegram channel and telling other members to “enjoy” the contents which have been made available to download over Torrent. 

Screenshot of LAPSUS message in Telegram channel

According to the message, the hackers also managed to obtain “various other data”, yet the elements listed could place Samsung device users at immediate risk of being hacked or impersonated by cyber criminals.

For instance, the trusted applets (TAs) whose source code LAPSUS$ obtained are installed in Samsung’s Trusted Execution Environment (TEE), known as TrustZone, meaning that the hackers – and everyone who has downloaded the Torrent files – could be able to bypass Samsung’s hardware cryptography, binary encryption and access control.

The total size of the leaked data comes to about 190GB, which LAPSUS$ split into three compressed files, and more than 400 peers have already downloaded and shared the torrent.

A Samsung spokesperson said that it has taken steps to bolster its security system "immediately after discovering the incident".

"According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption," they told IT Pro.

Qualcomm wasn't immediately available for comment, and it remains unclear whether the hacking group had any demands for Samsung before it leaked the confidential data. 

News of the hack comes just weeks after researchers found “severe” security flaws in a long line of Samsung's flagship smartphones that, if exploited, would enable attackers to lift cryptographic keys.

It also comes five days after Nvidia confirmed that the LAPSUS$ hacking group had successfully breached its systems on 26 February and distributed 1TB of confidential company data, including security credentials belonging to 71,000 past and present Nvidia employees. 

The hacking collective managed to obtain the data using a double extortion method of operation that involves compromising a victim and stealing data before encrypting their machine, as well as threatening to leak the stolen data if the ransom isn’t paid. Double extortion cases have been on the rise in the past year, with one in seven cases resulting in critical data being leaked. 

Although LAPSUS$’ attacks come amid the escalating cyber warfare caused by the Russian invasion of Ukraine, the hacking group has maintained that it’s “not state sponsored” and that its actions aren’t politically motivated.

Carbonite and Webroot principal solutions analyst Matt Aldridge said that, similarly to "most modern cyber attacks, these gangs continue to be more inventive with the types of data and businesses they target".

"Considering the victim is a high-profile business, the hackers may have posted a message releasing Samsung’s data with a snapshot of its source code so that they can gain additional leverage for a potential ransom demand. However, since the data breach has already occurred and the data has been exfiltrated, no amount of ransom payment can guarantee that all copies of the data will be securely destroyed," he added.
