[Security Weekly] Samsung Suffers Massive Source Code Leak by LAPSU$ Hacker Group


March 2022, Issue II


1. Samsung suffers massive leak of source code by LAPSU$ hacker group

On March 4, the South America-based LAPSU$ hacker group claimed to have hacked Samsung Electronics and leaked 190 GB of compressed files containing sensitive data stolen from the company. This attack happened only a week after LAPSU$ breached NVIDIA.

The compressed files were made available online via a torrent link. According to LAPSU$, it had stolen the source code for every trusted applet installed on all Samsung devices’ TrustZone environment, which is used for secure operations like encryption and access control. The group also claimed to have stolen the source code for Samsung’s biometric authentication system, activation servers, bootloader for the latest devices, and authentication and authorization systems for Samsung accounts. Source code for Qualcomm was also said to be included.

Samsung confirmed the attack on March 7, stating that “source code relating to the operation of Galaxy devices” was compromised. Still, the company reassured customers that customer and employee data were safe and that there was no need for customers to take any individual action. It did not comment on whether LAPSU$ had demanded a ransom payment prior to the leak.

If the hackers’ claims are true, experts suggest that such a massive leak of source code could cause significant damage to the company’s hardware and software development operations.

Sources: Infosecurity, Engadget, Android Police


2. Automotive giant Denso attacked by Pandora ransomware, Toyota data stolen

Japan-based automotive supplier Denso, part of the Toyota Group, was attacked by the Pandora ransomware gang, impacting its operations in Germany. Accounting for more than one-third of Toyota Group’s revenue, Denso supplies electrical and electronic components to OEMs including Toyota, Mercedes-Benz, Ford, General Motors, Honda, and others.

On March 10, the attackers gained access to Denso’s network in Germany. The company responded immediately by cutting off the infected network. On March 14, Denso said that the impact was kept within Germany and all global factories remain operational.

Although it remains unknown whether any of Denso’s systems were encrypted, it seems clear that sensitive data was stolen. On its leak site, the Pandora ransomware gang claimed to have stolen 1.4 TB of data and posted a sample list of 157,000 files containing purchase orders, business emails, and vehicle technical component drawings, among other classified information. Japanese cybersecurity firm Mitsui Bussan Secure Directions told the press that these files belong to Toyota.

This makes it the second attack impacting Toyota within less than two weeks. On March 1, Toyota shut down production in Japan for 24 hours due to another cyberattack at a supplier. These frequent attacks again signal the importance of supply chain risk management.

Sources: ZDNet, Bleeping Computer, Automotive News Europe


3. Israeli government websites taken down temporarily by massive DDoS attack

On March 14, the Israel National Cyber Directorate confirmed that a massive distributed denial-of-service (DDoS) attack on a telecommunications provider had led to an outage of all government websites under the gov[.]il domain. The attack was described as the largest DDoS the country has ever experienced.

The government declared a temporary state of emergency to examine potential impacts on the country’s critical electric and hydro infrastructure. Affected websites include the departments of interior, justice, health, welfare, and the prime minister’s office. Defence-related departments were unaffected as these use a different domain.

Israeli officials said that only a state-backed actor could launch a DDoS attack at this scale, with many believing that Iran was behind the attack. Along with ransomware, DDoS has become increasingly popular and sophisticated, making it one of the greatest threats to governments and organizations. To learn more about DDoS protection, see How to Prepare for the Rise of Ransom DDoS Attacks.

Sources: Threatpost, BankInfoSecurity

