Following its disclosure of 75GB of NVIDIA's confidential data and core source code, the Lapsus$ ransomware group disclosed 150GB of confidential data and core source code from South Korean consumer electronics giant Samsung Electronics on March 4, 2022. The two data breaches came less than a week apart, alarming the entire industry.
On the morning of March 4, the Lapsus$ ransomware group released a report containing a large amount of confidential data from Samsung Electronics, as well as a snapshot of C/C++ instructions in Samsung software, as shown in the following figure.
The Lapsus$ ransomware group said it was about to release Samsung’s data and source code, including:
- Source code for each trusted applet (TA) installed in the Samsung TrustZone environment for sensitive operations (e.g. hardware encryption, binary encryption, access control);
- Algorithms for unlocking all biometrics;
- Bootloader source code for all the latest Samsung devices;
- Confidential source code from Qualcomm;
- Source code for Samsung activation server;
- The complete source code for the technology used to authorize and verify Samsung accounts, including APIs and services.
If what the Lapsus$ ransomware group says is true, Samsung has undoubtedly suffered a major data breach and is likely to suffer serious harm as a result.
The Lapsus$ ransomware group split the leaked data into three compressed files, which total 190GB and are available as a very popular torrent. More than 400 people have already shared the three files, and the Lapsus$ ransomware group has said it will upload to more services to keep up the download speed.
In addition, a brief note describes each of the three compressed files:
- Part 1 contains a dump of source code and related data about Security/Defense/Knox/Bootloader/TrustedApps and various other items
- Part 2 contains a dump of source code and related data about device security and encryption
- Part 3 contains various repositories from Samsung GitHub: mobile defense engineering, Samsung account backend, Samsung Pass backend/frontend, and SES (Bixby, SmartThings, store)
As of now, it’s unclear whether the Lapsus$ ransomware group has extorted a ransom from Samsung Group, or whether Samsung Group has refused to pay the ransom, as NVIDIA did.
At the end of February 2022, Lapsus$ broke into NVIDIA's internal servers and stole more than 1TB of data, including NVIDIA's product design blueprints, drivers, firmware, documentation, tools, SDKs, etc. The group publicly sold an algorithm for cracking the mining restriction on RTX 30 series graphics cards and also demanded that NVIDIA go fully open source.
NVIDIA did not give in to the Lapsus$ ransomware group, so Lapsus$ made public some of the data in its possession: an 18.8GB RAR archive containing more than 400,000 files, including a multitude of highly classified documents and source code.
For NVIDIA, the leak of such a huge amount of data and source code is undoubtedly a serious blow. With NVIDIA's experience as a lesson, we will continue to watch whether Samsung bows to the hackers.