Is Lapsus$ targeting Big Tech after Samsung breach?

Samsung has now confirmed a breach of its systems, reportedly the work of hacking gang Lapsus$, which saw 190GB of the South Korean electronics company’s data, including source code for its Galaxy devices, leaked online. The attack came days after Lapsus$ breached another Big Tech company, chipmaker Nvidia. Though both incidents appear to have been mercenary in nature, security researchers believe that the gang could be pursuing another agenda as well.

Samsung confirmed a data breach on Tuesday. (Image by NurPhoto, a contributor at Getty Images.)

Lapsus$ released the Samsung data on its site, as well as posting it on messaging platform Telegram.

Now Samsung confirmed the breach was genuine and said that though source code has been seized by the hackers, no personally identifiable information from staff or customers had been accessed.

“We had been a short while ago manufactured mindful that there was a protection breach relating to particular interior organization facts. Immediately soon after exploring the incident, we strengthened our protection process,” a Samsung spokesman said.

“According to our original investigation, the breach requires some supply codes relating to the operation of Galaxy equipment, but does not include things like the particular facts of our individuals or staff. At this time, we do not anticipate any impact to our company or customers. We have applied actions to avert further such incidents and will proceed to serve our customers devoid of disruption.”

The data posted online included source code for every trusted applet installed in Samsung’s TrustZone environment, which is used for sensitive operations such as hardware cryptography, binary encryption, and access control; algorithms for all biometric unlock operations; and what appears to be private source code from US semiconductor company Qualcomm.

The attack occurred just a day after Lapsus$ breached Nvidia’s defences in an incident where the group claims to have lifted a terabyte of data, including technical specifications for some of Nvidia’s hardware. Subsequently, Lapsus$ leaked 20GB of this data, including the credentials of 71,000 Nvidia staff. The company says it is “investigating a cybersecurity incident which impacted IT methods.”

Who are Lapsus$?

Thought to be based in Brazil, Lapsus$ has been on the radar of security researchers since 2020, but gained notoriety last year when it took credit for targeting Brazil’s health ministry, says Xue Yin Peh, senior cyber risk intelligence analyst at security company Digital Shadows. “In that attack, the team claimed to have exfiltrated 50TB of information and erased the facts from the official databases,” Peh says. “Subsequent Lapsus$-claimed attacks seemingly qualified other Brazilian organisations or Portuguese-speaking organizations, such as Impresa, Claro, Embratel, Net, and Localiza.”

These attacks may have emboldened the group to go after larger international targets. “The new assaults from Nvidia and Samsung recommend a growth of their concentrating on scope and interests, likely emboldened by the achievement of past functions,” Peh adds.

Previous attacks have seen Lapsus$ demand ransom from its victims, and the group reportedly asked for money from Nvidia before leaking its employee data, though Nvidia has yet to confirm this. Samsung has also remained tight-lipped on whether any ransom demand has been issued, or paid.

The consequences of the Samsung data breach

Although Samsung has claimed that customers will not be affected by the breach, the company’s security secrets may now be up for grabs for its rivals, says Jon Andrews, vice president for EMEA at risk intelligence platform Gurucul. “Samsung’s competition will have accessibility to business data that will let them to near any aggressive benefit the software giant could have experienced about them,” Andrews says.

The fact that Lapsus$ has obtained source code could also be an indicator that Samsung and its partners may have more problems to come, says Felix Rosbach, product manager at data security company comforte. “Getting accessibility to source code may well be a pure coincidence but could also be a focused procedure to enhance effect, steal mental house or to commence a source chain attack,” he says.

Is Lapsus$ targeting Big Tech?

Peh believes Lapsus$ is targeting big tech companies like Samsung and Nvidia because they offer the best chance of a big pay-out. “Although the group’s procedures clearly show some divergence, these types of danger actors are finally immediately after a monetary payout,” Peh says. “This is probable the scenario for Lapsus$ – the group still left call aspects on victims’ methods, most likely to build interaction for negotiation about ransom payment.”

Andrews says the group’s motivations may extend beyond mere extortion. “Lapsus$ has said in the earlier their actions are not politically determined,” he says. “But the point that they really do not just encrypt their victim’s facts and demand from customers a ransom signifies that they are not just following a fast earnings. Alternatively, it seems they have some kind of agenda, what ever that could be.”

Jason Steer, global CISO at threat intelligence company Recorded Future, thinks the timing of the data being leaked, coinciding with the Mobile World Congress (MWC) trade show in Barcelona, may not have been a coincidence. With MWC being a “huge event” for Samsung, Steer says releasing the data on the conference’s final day may have been “deliberate, to bring about maximum result.”


Claudia Glover is a staff reporter on Tech Monitor.