Samsung possible victim of cyber attack by group that previously hacked Nvidia

Samsung was also probably hacked by ransomware gang Lapsus$. The group has claimed responsibility for a recent cyber attack on the South Korean company and has begun publishing the stolen data.

Lapsus$ initially showed some screenshots of potentially sensitive data from Samsung, after which compressed files are now distributed via a torrent. According to Bleeping Computer, this concerns roughly 190GB of stolen data. If the group’s claims are true, then there is very sensitive information out there. Samsung has not yet officially confirmed that it has been hit by a cyber attack, but it says it is currently investigating whether Lapsus$ has demanded compensation; that was the case with the attack on Nvidia.

The original ‘teaser’ of the alleged stolen Samsung files

Based on the descriptions of the files, Lapsus$ allegedly looted source code of the ‘Samsung device boot loaders’, biometric security algorithms and source code for authenticating Samsung accounts. The source code of ‘all Trusted Applets installed in Samsung’s TrustZone environment’ would also have been stolen. It stores a variety of information about hardware cryptography, binary encryption, and access control.

Qualcomm would also have been indirectly affected by the same cyber attack. The ransomware gang also claims to have captured ‘Confidential Qualcomm source files’ in the Samsung hack.

The alleged files that have been captured. The readme text file contains the detailed description of the stolen data

Update, 12:00: Based on the original title, it could be interpreted that Nvidia has used its own hackers to attack Samsung. This is of course not the case; it concerns the same ransomware gang that previously carried out a cyber attack on Nvidia. The title has been clarified.