In a nutshell: It appears that the South American group behind the Nvidia and Samsung hack may have been responsible for another attack without the victim even knowing about it. Vodafone is investigating Lapsus$ claims that the telecoms giant’s source code was stolen and may be about to dump 200GB of stolen data.
Earlier this week, Lapsus$ posted a poll on their Telegram channel asking, “What should we leak next?” There are three options: Vodafone, Impresa and MercadoLibre/MercadoPago.
CNBC reports that 56% of the votes were in favor of dumping 200 GB of Vodafone source code. The poll ends March 13, so it looks like a British firm will be chosen.
The representative said CNBC: “We are investigating this claim with law enforcement and we are unable to comment on the veracity of the claim at this time. However, we can say that usually the types of repositories referenced by the claim contain proprietary source code and do not contain customer data.”
Argentinean e-commerce company MercadoLibre/MercadoPago and Portuguese media conglomerate Impresa, both of which suffered data breaches late last year, did not respond to requests for comment.
The last few weeks Lapsus$ has been on a rampage. Nvidia recently had a 1TB leak of stolen data that exposed the credentials of over 70,000 employee accounts. The group also claims to have used the stolen information to create a tool that can bypass Nvidia’s Lite hash rate limiter without flashing or updating the firmware on the graphics card. He offered the instrument to potential buyers for $1 million.
The LAPSUS$ ransomware group successfully hacked both NVIDIA and Samsung.
-March 1: They require NVIDIA to open source their drivers or they
– March 4: LAPSUS$ released Samsung’s own source code.
See attached images for more details directly from LAPSUS$. pic.twitter.com/U3VD7R2KRl
— vx-underground (@vxunderground) March 4, 2022
The hackers then claimed an attack that leaked 190GB of sensitive information from Samsung, including encryption data and source code for the company’s latest devices. The leak also allegedly contained algorithms for biometric unlock operations and the source code for Samsung Accounts, a login service associated with Samsung mobile devices.
Image credit: B_A