
Rewterz Threat Alert – Lapsus$ Ransomware Group Stole Samsung’s Data

March 10, 2022

Severity

High

Analysis Summary

Lapsus$ Ransomware is a new and emerging ransomware group that has successfully attacked major conglomerates, and its latest victim is Samsung. Like most ransomware groups, Lapsus$ gains initial access to organizations through phishing. From there, the group exploits privilege-escalation vulnerabilities to obtain administrative rights and then openly publicizes what it has taken.

Lapsus$ claims to have stolen data from Samsung. The group announced the theft on its Telegram channel and shared screenshots of the data. The stolen data contains confidential Samsung source code, including:

  • DEVICES/HARDWARE – Source code for every Trusted Applet (TA) installed on all Samsung devices’ TrustZone (TEE) with specific code for every type of TEE OS (QSEE, TEEGris, etc.). THIS INCLUDES DRM MODULES AND KEYMASTER/GATEKEEPER!
  • Algorithms for all biometric unlock operations, including source code that communicates directly with the sensor (down to the lowest level, we’re talking individual RX/TX bitstreams here).
  • Bootloader source code for all recent Samsung devices, including Knox data and code for authentication.
  • Various other data, including confidential source code from Qualcomm.

[Screenshot: Lapsus$ gang’s Telegram channel]

“There was a security breach relating to certain internal company data,” Samsung told Bloomberg. “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”

Impact

  • Financial Theft
  • Data Breach

Affected Vendors

  • Samsung

Indicators of Compromise

MD5

  • bc37863a409ddffdf36937dd4e536aad

SHA-256

  • 9d123f8ca1a24ba215deb9968483d40b5d7a69feee7342562407c42ed4e09cf7

SHA-1

  • b65f8a804d3e87e1ca21ca781f1a0585acab6959

Remediation

  • Search for the IOCs listed above in your environment.
  • Block all threat indicators at your respective controls.
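The first remediation step, searching for the advisory's file hashes, is easy to automate. The script below is an added example, not Rewterz tooling: it hashes every file under a directory once (MD5, SHA-1 and SHA-256 in a single read) and reports any file whose digest appears in the IOC set. The three hashes are the ones published in this advisory; the directory walk, chunk size and output format are the example's own assumptions.

```python
"""Scan a directory tree for files whose MD5, SHA-1 or SHA-256 digest matches
an indicator list. Added example, not the advisory's own tooling."""
import hashlib
import os
import sys
from pathlib import Path

# IOC hashes exactly as published in the advisory above.
IOC_HASHES = {
    "md5": {"bc37863a409ddffdf36937dd4e536aad"},
    "sha1": {"b65f8a804d3e87e1ca21ca781f1a0585acab6959"},
    "sha256": {"9d123f8ca1a24ba215deb9968483d40b5d7a69feee7342562407c42ed4e09cf7"},
}


def hash_chunks(chunks):
    """Feed an iterable of byte chunks to all three digests in one pass."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    for chunk in chunks:
        md5.update(chunk)
        sha1.update(chunk)
        sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def hash_bytes(data):
    """Digests of an in-memory byte string (handy for tests and small samples)."""
    return hash_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    """Digests of a file, read in 1 MiB chunks so large files do not sit in RAM."""
    with open(path, "rb") as fh:
        return hash_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_iocs(digests, iocs=IOC_HASHES):
    """Return the algorithms (e.g. ['sha256']) whose digest is in the IOC set.

    Comparison is case-insensitive because published hashes vary in case."""
    return [alg for alg, value in digests.items()
            if value.lower() in iocs.get(alg, set())]


def scan_tree(root, iocs=IOC_HASHES):
    """Walk root and return [(path, matched_algorithms)] for every hit."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable or vanished file: skip it, keep scanning
            matched = match_iocs(digests, iocs)
            if matched:
                hits.append((str(path), matched))
    return hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algs in scan_tree(root):
        print(f"IOC match ({', '.join(algs)}): {path}")
```

Run it as `python scan_iocs.py /path/to/scan`; an empty result means none of the three published hashes was found, not that the host is clean, since the advisory lists one sample only. Matching on all three algorithms at once also lets the same script consume IOC feeds that publish only one hash type.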
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.