A massive amount of confidential data has been leaked online, following a cyber attack on South Korean consumer electronics giant Samsung.
The Lapsus$ data extortion gang published a massive collection of files on Friday, which it claims belongs to Samsung Electronics.
The group first published a snapshot of C/C++ instructions in Samsung software, to show that it would be releasing the data online. The group followed that with a description of the upcoming leak, stating that it includes confidential Samsung source code.
The description mentioned the source code for the Trusted Applet of Samsung’s TrustZone environment, which the company uses for hardware cryptography, access control, and binary encryption.
The leak also allegedly includes bootloader source code for recent Samsung devices, algorithms for all biometric unlock operations, source code for Samsung’s activation servers, the full source code used to authenticate Samsung accounts, and secret Qualcomm source code. Such information reaching the open internet could have devastating consequences for the South Korean firm.
The total size of the leaked data comes to about 190GB, which Lapsus$ split into three compressed files. When unzipped, the size more than doubles to 402GB.
The data, as well as a text file with details of all the information available for download, was made available as a torrent, and Lapsus$ has already said it intends to deploy more servers to boost the download speed. More than 400 peers have already downloaded and shared the torrent.
Part 1 of the data comprises a dump of source code and associated data about Security/Defense/Knox/Bootloader/TrustedApps and other items, whereas Part 2 contains source code and data about device encryption and security.
Part 3 includes various repositories from Samsung GitHub, such as the Samsung account backend, Samsung Pass backend/frontend, mobile defensive engineering and SES (Bixby, SmartThings, shop).
It is unknown whether or not Lapsus$ had any demands for Samsung before it released the data. The firm recently ceased all shipments of all of its products to Russia following the country’s invasion of Ukraine, and is making charitable contributions to humanitarian causes.
The alleged breach comes less than a week after Lapsus$ made public a 20GB document archive from 1TB of data it stole from GPU designer Nvidia.
Last week, the group attempted to blackmail Nvidia into opening up its GPU drivers, and threatened to release confidential data if the company did not comply.
Previously, the extortion gang had demanded that Nvidia remove a feature known as LHR (Lite Hash Rate) from its graphics cards to make them more capable of completing the intensive calculations necessary for cryptocurrency mining.
Nvidia has acknowledged that it had been hacked and that the attacker was leaking employee passwords and other information online.
The company said it had taken steps to improve its security, notified the concerned authorities, and was working with cyber security experts to respond to the attack. As yet, there is no word from Samsung about similar measures.