Data extortion group Lapsus$ today leaked a huge collection of confidential data they claim is from Samsung Electronics, the South Korean consumer electronics giant.
The leak comes less than a week after Lapsus$ released a 20GB document archive from 1TB of data stolen from GPU designer Nvidia.
Gang teases Samsung data leak
In a note posted earlier today, the extortion gang teased the release of Samsung data with a snapshot of C/C++ directives in Samsung software.
Shortly after teasing their followers, Lapsus$ posted a description of the upcoming leak, claiming it contains “confidential Samsung source code” from a breach:
- source code for each trust applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control)
- algorithms for all biometric unlocking operations
- bootloader source code for all recent Samsung devices
- Qualcomm confidential source code
- source code for Samsung activation servers
- complete source code of the technology used to authorize and authenticate Samsung accounts, including APIs and services
If the above details are correct, Samsung has suffered a major data breach that could cause huge damage to the company.
Lapsus$ split the leaked data into three compressed files that add up to nearly 190GB and made them available in a torrent that appears to be very popular, with over 400 peers sharing the content. The extortion group also said it will deploy more servers to increase download speed.
The torrent also includes a brief description of the content available in each of the three archives:
- Part 1 contains a dump of source code and associated data on Security/Defense/Knox/Bootloader/TrustedApps and various other items
- Part 2 contains a dump of the source code and associated data on device security and encryption
- Part 3 contains various repositories from Samsung GitHub: Mobile Defense Engineering, Samsung Account Backend, Samsung Pass Backend/Frontend and SES (Bixby, SmartThings, Store)
It’s unclear if Lapsus$ contacted Samsung for a ransom, as they claimed in the Nvidia case.
BleepingComputer has contacted Samsung for a statement on the Lapsus$ data leak and will update the article when the company responds.
This is a developing story.