
A hacker is attempting to sell what they claim is internal Samsung data stolen through a compromised contractor.
A threat actor on a well-known cybercriminal forum claims to have breached Samsung and is selling internal data allegedly belonging to the company.
In a post, the hacker states that they compromised a third-party contractor that provides services to multiple major companies, suggesting that the potential impact of the alleged breach may extend beyond Samsung alone.
According to the attacker, the contractor’s access opened the door to portions of Samsung’s infrastructure, specifically MSSQL databases and AWS S3 buckets.
The post lists the allegedly stolen data, which includes:
- Source Codes
- Private Keys
- SMTP Credentials
- Configuration Files
- Hardcoded Credentials
- User PII
Data samples show internal files and data
The actor also posted data samples, which the Cybernews research team has examined. Among them is a file tree of a few internal Java project structures. This suggests that there might be leaked source code. It’s also likely that it contains hardcoded credentials. However, no examples of these were provided.
“From the employee info, we can tell that this data belongs to Samsung Medison specifically, which is a company that provides medical equipment, and is a part of the Samsung Electronics family, but is still operating under their own corporate structure,” Cybernews researchers explained.
A couple of screenshots of allegedly stolen databases included employees’ contact details, such as emails and usernames. From the screenshots, it is unclear what these usernames are used for. Table names suggest that there could also be admin credentials in them.
“Leaked emails alone could result in social engineering attacks for the employees,” our researchers said.
“If there are passwords in other tables, they could be used for credential stuffing which could result in account takeovers if the passwords were reused somewhere else.”
The hacker is promoting the stolen dataset as a “One Time Sale” and wants to be paid in Monero (XMR), a cryptocurrency favored in the cyber underground. The price for the stolen dataset has not been announced.
“To say that this is a big Samsung breach would be a bit of a stretch. Yes, we know that one of the companies under the Samsung umbrella was affected, but the scale of the breach is not fully clear,” our researchers said.
Cybernews has contacted Samsung for a comment, but a response has yet to be received.
Third-party breaches have been a pain point
The claims of a third-party breach reflect a broader trend in the cybercrime landscape. Threat actors are increasingly targeting weaker links in the supply chain rather than directly attacking corporate networks, which are often highly protected.
Unfortunately, a single compromised vendor can unlock dozens of major enterprises. Such devastating attacks have occurred in recent years, including the MOVEit Zero-Day cyber heist, which compromised thousands of organizations globally.
By exploiting a critical flaw in MOVEit Transfer software, the Russia-linked ransomware group Cl0p gained access and stole vast amounts of sensitive data.
Previously, a bug in Fortra’s GoAnywhere managed file transfer software led to breaches of Procter & Gamble (P&G), Shell, Hitachi, Hatch Bank, Rubrik, Virgin, and many other companies by the same gang.
Just this month, Mango fashion chain suffered a third-party breach, which impacted customer data.
In September, Harrods revealed that 430,000 customers had been compromised in a cyberattack via one of its third-party vendors.
In August, TransUnion, one of America’s top three credit reporting agencies, revealed that over four million of its US customers were exposed after hackers breached a third-party application.
In May, M&S suffered a month-long attack, resulting from a third-party vendor phishing attack by the Scattered Spider ransomware group, which cost the company over $400 million in damages.