Hackers Report Leaking 190GB of Samsung Data, Source Code


Lapsus$ makes a claim just one day after leaking Nvidia credentials

Screenshot of Samsung Data taken from the official Lapsus$ Telegram page (Source: Lapsus$ site)

Just one day after leaking the credentials of 71,000 Nvidia employees, the Lapsus$ ransomware gang has now leaked a massive collection of sensitive data that it claims is from Samsung Electronics, the South Korean consumer electronics giant.


Information Security Media Group was able to verify that the alleged leak was posted by the Lapsus$ gang on its official Telegram channel, which had 13,724 subscribers at the time of writing (March 5).

The gang has posted a 190GB torrent file of Samsung data.

A Samsung spokesman was not immediately available for comment.

Leaked material

The group released a sneak peek on its Telegram channel before posting the data, saying, "Get ready, Samsung data is coming today." The gang then released sensitive data from Samsung's source code in a compressed file, available as a torrent and divided into three parts, which together include nearly 190GB of data.

Lapsus$ posted a description of the leak, which it says includes: source code for each Trusted Applet installed on all TrustZones on Samsung devices with specific code for each type of TEE OS (QSEE, TEEGris, etc.). Trusted applets are used for sensitive operations, such as full access control and encryption. The group says it also includes DRM and Keymaster/Gatekeeper modules.

Algorithms for all biometric unlock operations include: "Source code that communicates directly with the sensor (down to the lowest level), here we are talking about individual RX/TX bit streams and bootloader source code for all recent Samsung devices, including data and authentication code," says the gang.


Samsung Charge (Source: ISMG)

The gang also says it has various other data, including Qualcomm's confidential source code. However, it is not yet clear whether Lapsus$ has tried to ransom Samsung, as it did in its previous campaign with Nvidia.

The group also says that it offers the source code for Samsung activation servers for initial setup and the full source code for Samsung accounts that includes authentication, identity, APIs, services, and more.

Increasing attack surface of Lapsus$

The Lapsus$ group first came to public attention in December 2021 following a ransomware attack on websites owned by the Brazilian Ministry of Health. The group claimed to have stolen and subsequently deleted around 50TB of data from the ministry's systems.

Previously, it was reported that chipmaker Nvidia suffered a massive outage after a security incident claimed by Lapsus$ affected the company's development tools and email systems (see: Chipmaker Nvidia investigates possible cyberattack).

The threat actor shared a download link on its Telegram channel to an 18GB data dump that it says contains 1TB of stolen sensitive data.

Nvidia released a report acknowledging that a threat actor had stolen employee passwords and some undisclosed Nvidia proprietary information from its systems. This data, it added, has been leaked online.

"On February 23, 2022, Nvidia became aware of a cybersecurity incident that impacted IT resources. Shortly after discovering the incident, we further hardened our network, hired cybersecurity incident response experts, and notified law enforcement," the company says in its report.

The Lapsus$ ransomware group later released a portion of the highly sensitive stolen data, including source code, GPU drivers, and documentation about Nvidia's fast logic controller product, also known as Falcon and Lite Hash Rate or LHR GPU (see: How the Lapsus$ data leak may affect Nvidia and its customers).

On Wednesday, the hacking group demanded $1 million and a percentage of an unspecified fee from Nvidia for the Lite Hash Rate bypass. Nvidia's LHR reduces Ethereum's crypto mining capabilities by 50% without compromising gaming performance, but this bypass fully restores Ethereum's mining performance.

