Date: 2022-03-08

The Lapsus$ crime group, known for ransomware-type attacks and which also recently hit NVIDIA, claimed last Friday, March 4, a cyber attack targeting the South Korean tech giant Samsung.

The result of this attack, the exfiltration of files from the company’s machines, was shared using the criminal group’s now-established method, that is, via its Telegram channel. The data leak comprises 190 GB of data, for which a ransom has presumably been demanded from Samsung, although no public claim has yet appeared.

Lapsus$ ransomware attacks Samsung

The Lapsus$ group claimed to have managed to hack into Samsung’s servers and posted nearly 190 GB of sensitive data online, including original source code of applications developed by the company and data from various projects related to Galaxy devices.

The data leak was distributed through the Telegram channel that Lapsus$ uses to communicate its operations, shared over the torrent network and divided into 3 files to improve the transfer speed. The large number of torrent peers active on this data does the rest of the work (about 400 active ones within hours of the announcement).

What’s in the leaked Samsung archive?

According to the Lapsus$ group itself, the attack allowed the criminal hackers to exfiltrate internal data of the technology giant, including:

source code for each Trusted Applet (TA) installed on all Samsung TrustZone (TEE) devices with specific code for each type of TEE OS (QSEE, TEEGris etc.);

algorithms for all biometric unlocking operations, including the source code that communicates directly with the sensor;

bootloader source code for all recent Samsung devices, including Knox data and code for authentication;

various other data such as Qualcomm’s non-public source code.

Given the quantity and relevance of the files made public, the attack on Samsung could be considered of strategic importance for the company. It can strongly expose the South Korean giant to reputational risk and, from a technical point of view, reveal important secrets that malicious users may use in the future for other attacks against Samsung-branded devices and software.

Samsung’s answer

According to The Verge, Samsung has neither confirmed nor denied the identity of the hackers, or whether they stole the encryption and biometric data. Instead, the company confirmed that no personal data, belonging to employees or customers, was stolen.

“There has been a security breach related to some internal company data,” Samsung said in a statement reported by Bloomberg News and SamMobile. “According to our initial analysis, the breach involves some source codes relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact on our business or our customers. We have implemented measures to prevent further incidents of this type and will continue to serve our customers without interruption.”

