Samsung breached, Nvidia hackers claim responsibility
Samsung said Galaxy device source code was stolen, but no employee or customer personal information was taken by the attackers, who appear to be with the Lapsus$ ransomware group.
Samsung confirmed on Monday that it suffered a data breach involving "certain internal company data."
The confirmation came after Lapsus$, the ransomware gang that previously claimed responsibility for a February cyber attack against Nvidia, on Friday said it had hacked the electronics giant.
Samsung provided a statement to SearchSecurity confirming the breach, saying that it involved Galaxy device source code, but that no employee or consumer personal data was taken.
"We were recently made aware that there was a security breach relating to certain internal company data," Samsung said. "Immediately after discovering the incident, we strengthened our security system. According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees."
The statement continued, "Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption."
No specific threat actor was named.
As with the Samsung breach, Nvidia later confirmed that a cyber attack had occurred; the graphics card manufacturer said it became aware of a cybersecurity incident on Feb. 23, and that threat actors "impacted IT resources" and stole both employee credentials and "Nvidia proprietary information" before leaking it online.
On Friday, Lapsus$ published what it claimed was Samsung source code on Telegram.
Little is known about Lapsus$ as a threat actor. In a blog post about the Nvidia attack, Malwarebytes researcher Pieter Arntz wrote that Lapsus$ was a "relative newcomer to the ransomware scene" and that the gang is believed to be based in South America.
"[Lapsus$] has made a name for itself by bringing down big targets like Impresa, the largest media conglomerate in Portugal, Brazil's Ministry of Health, and Brazilian telecommunications operator Claro," Arntz wrote. "The main attack vector is phishing which the group uses to gain a foothold before moving on to breach the network from there."
Jérôme Segura, director of threat intelligence at Malwarebytes, told SearchSecurity that Lapsus$ has some unique characteristics.
"Lapsus is unlike other cybercrime gangs and so far has been mostly interested in leaking data," he said in an email. "There has been a trend of data leaks in recent weeks, especially around cybercrime actors but other so-called 'vigilante' groups. Lapsus appears to associate itself with gamers and wanting to open-source proprietary software for the good of the community. However, their attacks are nothing but extortion attempts and put users at risk due to potential collateral damage by leaking so much data indiscriminately."
Alexander Culafi is a writer, journalist and podcaster based in Boston.