RansomHouse says AMD has been compromised and has posted data samples on the dark web

Earlier this year, Nvidia was the victim of a cyber attack on it. The consequences were not insignificant, as the organization released a lot of inside information. It leaked DLSS source code, information about upcoming GPUs, and created a solution for its anti-mining LHR technology.

Now it's AMD's (Advanced Micro Devices Inc.) turn, according to information posted by dark web ransom group RansomHouse on its dark web site. AMD has allegedly been hacked and the hackers stole more than 450GB of data. It is unclear whether the data came directly from AMD or one of its partners.

The actual hack allegedly took place in January of this year, but we're just now learning about it. It's unclear which organization is responsible, as the organization talking about it is either the middleman or bought the data from someone else. The dark web ransom group, known as RansomHouse, states on their website that they do not hack or use malware. However, they are allegedly trying to negotiate with AMD for a ransom. The group recently included AMD on its website in an ominous list of companies. It says that the companies on the list "either believe that their financial interests outweigh those of their partners/individuals to whom they entrust their data, or choose to hide the fact that they have been compromised." That sounds like it should translate to "they didn't pay the ransom."

The stolen data allegedly included network files, system information and some passwords belonging to AMD, and the RansomHouse ransom group released samples of the data in its possession, claiming that it was easy to access the data because AMD used common passwords. These include the word "password" as well as "123456" and "AMD!23". The group said it had "over 450GB" of AMD data. The hack was supposed to happen last year, but the hackers set the date for Jan. 5 of this year. On that date, they will lose their connection to the AMD network.

"An era of high-end technology, advancements and top-notch security …… are words that have so much meaning to the masses. But when even technology giants like AMD use simple passwords to protect their networks from intrusion, it seems these are still just pretty words." RansomHouse writes. "Sadly, these are real passwords used by AMD employees, but the bigger shame for AMD's security department. According to the documents we have obtained, the AMD security department received a lot of money - all thanks to these passwords."

RansomHouse claims it is a "community of professional mediators" and not a hacking group. It claims it does not create or deploy malware, nor does it encrypt any of its victims' data. So far, it lists six victims on its dark web site, including ShopRite and the Saskatchewan Liquor and Gaming Authority (SLGA).

AMD responded to questions about the data breach via an official statement. "AMD is aware of unscrupulous individuals who claim to have data stolen by AMD. An investigation is currently underway." An AMD spokesperson said.

The sample included a CSV list of more than 70,000 devices belonging to AMD's internal network. The hackers also had a list of business logins and passwords from the chipmaker, many of which were weak passwords. in its response, AMD said it would take the matter seriously. The chip giant has now launched an investigation. hackers at RansomHouse, which conducts more frequent attacks on systems in order to steal data, have been active since December 2021.

AMD and any high-tech company should require phishing-resistant multi-factor authentication for all logins or, if MFA is not available, strong and unique passwords," said Roger Grimes, a data-driven defense evangelist at security awareness training firm KnowBe4 Inc. Any lesser practice that does not have sufficient offsetting controls would be considered negligent by most computer security experts."

Saryu Nayyar, founder and CEO of unified security and risk analysis firm Gurucul Solutions Pvt Ltd A.G., noted that AMD survived the global chip supply chain crisis during the COVID-19 epidemic, only to fall victim to ransomware from a new data ransomware group.

"Adding to the irony is that AMD employees used 'password' as a password for critical network access," Gurucul added. "How does this still happen in a company with proficient security engineers? Quite frankly, it's unfathomable. It's time to change all passwords and clean up security controls. Seriously, it's time."

From:On DarkNet – Dark Web News and Analysis
Copyright of the article belongs to the author, please do not reproduce without permission.

<<Pre Post
Next Post>>