Lapsus $ also hits Samsung: 190 GB of data stolen (update)

Malware and virus security The Lapsus $ group has stolen from Samsung's servers and shared nearly 190GB of data online, including the source code of various technologies.


After NVIDIA, the Lapsus $ group also hit Samsung. The cybercriminals posted a screenshot showing a piece of code to confirm that the attack was successful. They later unveiled the contents of the archives containing approximately 190 GB of confidential data. The Korean manufacturer has not made any statements.

Lapsus $ group reported that the stolen data is split into three 7-Zip compressed archives totaling approximately 190GB. The cybercriminals have already shared all the files on the Torrent network, so Samsung has not paid anything (it is not clear, however, if a ransom has been demanded for the decryptor of a ransomware or if it is a trivial extortion).

This is the contents of the archives:

source code of each Trusted Applet installed in the TrustZone environment algorithms for all biometric unlocking operations bootloader source code of all recent devices Qualcomm's confidential source code source code of the activation servers source code of the technologies for authentication and authorization of accounts

Torrenting appears to be very popular with over 400 peers. The Lapsus $ group has announced that it will add more servers to increase the download speed. At the moment, no confirmations have arrived from Samsung. Apparently this is a rather important "data breach" that could cause serious economic and image damage to the Korean company.

Update: Samsung has confirmed the attack and theft of the source code relating to Galaxy devices, however excluding the presence of personal data of customers and employees.