Nvidia hackers claim responsibility for Samsung data breach

7 Mar 2022

Samsung confirmed a breach involving ‘some source code relating to the operation of Galaxy devices’.

A week after it was revealed that Nvidia was hit with a cyberattack, the same cybercriminals claim to have leaked almost 190GB of data from Samsung.

The South Korean tech giant confirmed today (7 March) that hackers stole internal company data and source code for Galaxy devices.

“There was a security breach relating to certain internal company data,” Samsung said in a statement to Bloomberg. “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers.”

According to a report from Bleeping Computer, extortion gang Lapsus$ posted a note online at the end of last week to say it was leaking data including “confidential Samsung source code” originating from a breach.

Lapsus$, which is believed to be based in South America, claimed to have stolen critical information including algorithms for all biometric unlock operations, bootloader source code for newer Samsung devices and full source code for the technology used in authorising and authenticating Samsung accounts.

In its statement today, Samsung did not confirm or deny the identity of the hackers or whether they had stolen data related to encryption and biometrics.

Attack on Nvidia

If the Lapsus$ claims are true, this will be the gang’s second major target reported in less than a week, after a significant cybersecurity incident at Nvidia was discovered.

The cybercriminals claim to have taken 1TB of data from the chipmaker and have already published some of the data they allegedly stole.

According to data breach monitoring website Have I Been Pwned, impacted data includes the credentials of more than 70,000 Nvidia employees.

The gang said it would start leaking the rest of the data unless Nvidia disabled its GPU-limiting Lite Hash Rate (LHR) functionality, which makes it harder to mine cryptocurrency like Ethereum.

The group is also believed to have stolen two code-signing certificates, which are used by software developers to digitally sign applications, drivers and software programs as a way for end users to verify a developer’s identity and ensure that the code has not been tampered with.

Security researchers discovered that the stolen certificates were being used to sign malware and other tools used by threat actors to make them appear trustworthy.

Restrictions on Russia

In a statement on 1 March, Nvidia said it had no evidence that the cyberattack was related to the Russia-Ukraine conflict.

But the attacks come as Nvidia and Samsung join other tech companies introducing restrictions in response to Russia’s invasion.

Nvidia told PCMag on Friday (4 March) that it’s halting all product sales to Russia and on the same day Samsung announced that it is suspending all product shipments to Russia due to the ongoing conflict.

The two tech giants join Apple, Microsoft, AMD, Intel and a host of other companies that have stopped selling their products to Russia.

Updated, 4.30pm, 7 March 2022: This article was updated to include Samsung’s statement.

Jenny Darmody is the deputy editor of Silicon Republic
