Let’s roll the 3d6 dice on today’s security drama: Ah, 15, that’s LG allegedly hacked, source code stolen by Maze ransomware gang

Maze ransomware masterminds claim to have stolen source code from LG after hacking into the electronics giant.

Researchers at security outfit Cyble clocked screenshots of files, apparently swiped from LG’s internal network, posted on the malware gang’s website, where the miscreants boast about their victims.

“Soon you’ll be able to know how the LG company lost the source code of its products for one very big telecommunications company, working worldwide,” the crooks warned in an announcement on their site this week.

Maze’s operators not only use their ransomware to scramble file-systems on hacked corporate victims, they also exfiltrate sensitive information, and show a glimpse of that data on their site to prove they mean business. If a victim doesn’t pay up, the gang starts publicly leaking the purloined files. This is particularly effective when companies try to opt for the “nuke and pave” recovery approach of reformatting and restoring from backups, if they have them.

It seems the hackers were able to get into computers linked to LG’s lgepartner.com domain, based on the screenshots we’ve seen, and extract at least some of the data stored within. It appears the files related to internet or cellular-connected devices. LG makes a huge range of stuff, from smart fridges to telecommunications gear. Someone could use the leaked source code to hunt for security vulnerabilities in products to exploit.


Ransomware crims to sell off ‘scandalous’ files swiped from Mariah Carey, Nicki Minaj, Puff Daddy’s legal eagles


It is not yet clear how the attackers were able to get into the corporate network nor which systems and source code may have been on it.

“As per now, the ransomware operators have only released three screenshots as proof of the data breach,” Cyble noted. “One of the screenshots seems to consist of LG Electronics official firmware or software update releases that assist their hardware products to work more efficiently. While the other screenshot seems to list out the source code of its products.”

LG, meanwhile, seems to be in the early stages of its response.

“At LG, we take cybersecurity issues very seriously,” a spokesperson told The Register. “We are looking into this alleged incident and will involve appropriate law enforcement agencies if there is evidence that a crime has been committed.” ®

Continuous Lifecycle Online, 15 July 2020. Register Now!

Articles You May Like

Tencent Launches New US Game Studio, LightSpeed LA, for Global Appeal
You wait ages for a mid-air collision spoofing attack and along come two at once: More boffins take a crack at hoodwinking TCAS
Lunar Eclipse July 2020: Date, Timings, and How to Watch Live Stream
OnePlus Upcoming TV Series Will Have Three Models, Prices Teased
5 PC Parts That Tend to Die: How to Extend Their Lifespans

Leave a Reply

Your email address will not be published. Required fields are marked *