The cybercriminal group that operates the Lapsus ransomware, a scheme that extorts victims by stealing their data, on Friday leaked a huge collection of sensitive data that it claims comes from Samsung Electronics, the South Korean consumer electronics giant.
The leak comes less than a week after Lapsus published a 20GB archive out of the 1TB of data stolen from graphics card designer Nvidia.
Lapsus published a message describing the information it claims to hold, including the source code of part of Samsung's computer systems. In particular, this includes what is known as a “Trusted Applet”, installed in the TrustZone environment Samsung uses for encryption, access control, hardware cryptography and other functions.
All the leaked data adds up to almost 190 GB. Lapsus split it into three compressed files, which have now been released as an online torrent.
What cybercriminals say they have
Part 1 contains a “dump” of the source code and related data about Security/Defense/Knox/Bootloader/TrustedApps and various other items.
Part 2 contains further source code and data related to device security and encryption.
Part 3 contains various Samsung Github repositories: mobile defense engineering, Samsung Account Backend, Samsung Pass Backend/Frontend, and SES (Bixby, Smartthings, Store).
Also included, according to the group, are the algorithms for all biometric unlocking operations, the bootloader source code for all recent Samsung devices, the secret source code of Qualcomm, and the source code for Samsung’s activation servers.
In addition, they claim to have leaked the complete source code for the technology used to authorize and authenticate Samsung accounts, including its APIs and services.
The Lapsus$ group was recently in the news for leaking NVIDIA data online. Nearly 1TB of data was stolen in the cyberattack. The group demanded that NVIDIA open-source its GPU drivers and disable LHR on its graphics cards to unlock their full potential for crypto mining.
It’s unclear whether Lapsus has made any demands of Samsung. A report from South Korea mentions that Samsung officials are evaluating the situation. The company has not said anything more about the leak so far.
Following Russia’s invasion of Ukraine, various actors realigned themselves and cyberattacks increased. In just two weeks, new groups appeared supporting the different sides.
The war has even intensified infighting within these gangs: last week some 60,000 chats belonging to Conti, one of the largest cybercriminal gangs in the world (creators of a virus called Log4j2), were leaked, covering conversations both among its own members and with victims, journalists and other actors.
So far, no post has appeared on the blogs of the major gangs claiming an attack on Press Reader, the site where more than 7,000 newspapers from around the world upload their print editions.
Cybercriminals usually publish such posts to demonstrate that they are behind a given data theft, attack or other illicit activity.