Samsung Becomes Next Victim of Lapsus$ Ransomware Gang

Mere days after the Lapsus$ ransomware gang pulled off a hit on Nvidia and allegedly exfiltrated around 1TB of data off the chipmaker's network, the same criminal outfit attacked another electronics giant. South Korea's Samsung released a statement on March 7, 2022, that confirmed what the company termed a "security breach".

Lapsus$ claims 190GB stolen

According to the mobile phone giant, data related to its employees and consumers has not been illegally accessed. However, Lapsus$ released a partial leak of the information they appear to have exfiltrated from Samsung's network.

According to sources with infosec website Security Affairs, who published screenshots of the leaked data, it included source code belonging to both Samsung and Qualcomm - the company's main supplier of phone CPUs.

Researchers are worried about a possible leak of Samsung's signing keys as part of the breach. Those keys allow the phone manufacturer to control and maintain the Samsung TrustZone - the multi-component environment that provides security functionality for the company's devices.

Lapsus$ has become one of the most prominent names in ransomware, especially after those last two successful attacks. The same criminal outfit attacked two of Portugal's biggest media outlets. Now the two confirmed attacks on Nvidia and Samsung have really established Lapsus$ as a formidable entity.

Samsung Galaxy source leaked

Samsung confirmed that the exfiltrated information includes "some source code relating to the operation of Galaxy devices". The chunks of code examined as part of the leak published by the hackers, who allegedly stole around 190GB of data, include bootloader source code and authentication code used by Samsung.

The rapid succession in which two major hardware giants were attacked and successfully breached, with massive amounts of data stolen by criminals, shows that nobody is too big to fall when it comes to cyber security.