On Monday, Samsung confirmed a security breach that exposed company data, including source code related to its Galaxy devices. The exposed data does not include the personal information of customers or employees.
The news was first reported on March 4, 2022, by BleepingComputer.
The South Korean chaebol has confirmed that it is not anticipating any impact on its business or customers. It has implemented new security measures as a result of the incident to prevent such breaches in the future.
The breach was confirmed after the LAPSUS$ hacking group uploaded 190GB of Samsung data to its Telegram channel towards the end of the week. The group exposed the source code for applets installed within TrustZone, bootloaders for recent devices, and algorithms for biometric authentication.
The LAPSUS$ group, which first emerged in late December 2021, is the same extortionist gang that made away with a 17TB trove of proprietary data from NVIDIA in the last month. As a condition for not leaking more data, the group demanded that the company remove its Ethereum cryptocurrency mining cap from all NVIDIA 30-series GPUs and open-source its GPU drivers forever.
It is not clear whether such a demand was made to Samsung before the group published the company's information on its Telegram channel.
Additionally, the group released over 70,000 employee email addresses and NTLM password hashes during the NVIDIA leaks. Much of this information was circulated within the hacker community.
Also, two code-signing certificates have been compromised and used to sign malicious Windows drivers and other tools often used by hacking crews. Although they have expired, Windows still allows them to be used for driver signing purposes.