{ "id": "d4f9d51e-6adc-45c8-a917-b02838c444c3", "created_at": "2026-04-06T00:12:12.932855Z", "updated_at": "2026-04-10T03:28:46.933089Z", "deleted_at": null, "sha1_hash": "5097e9f41d5a85190b9c8be032e8a1505fe0da16", "title": "Hackers leak 190GB of alleged Samsung data, source code", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 3411962, "plain_text": "Hackers leak 190GB of alleged Samsung data, source code\r\nBy Ionut Ilascu\r\nPublished: 2022-03-04 · Archived: 2026-04-05 17:42:05 UTC\r\nThe Lapsus$ data extortion group leaked today a huge collection of confidential data they claim to be from Samsung\r\nElectronics, the South Korean giant consumer electronics company.\r\nThe leak comes less than a week after Lapsus$ released a 20GB document archive from 1TB of data stolen from Nvidia\r\nGPU designer.\r\nGang teases Samsung data leak\r\nIn a note posted earlier today, the extortion gang teased about releasing Samsung data with a snapshot of C/C++ directives in\r\nSamsung software.\r\nhttps://www.bleepingcomputer.com/news/security/hackers-leak-190gb-of-alleged-samsung-data-source-code/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/hackers-leak-190gb-of-alleged-samsung-data-source-code/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nShortly after teasing their followers, Lapsus$ published a description of the upcoming leak, saying that it contains\r\n“confidential Samsung source code” originating from a breach.\r\nsource code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive\r\noperations (e.g. hardware cryptography, binary encryption, access control)\r\nalgorithms for all biometric unlock operations\r\nbootloader source code for all recent Samsung devices\r\nconfidential source code from Qualcomm\r\nsource code for Samsung’s activation servers\r\nfull source code for technology used for authorizing and authenticating Samsung accounts, including APIs and\r\nservices\r\nIf the details above are accurate, Samsung has suffered a major data breach that could cause huge damage to the company.\r\nLapsus$ split the leaked data in three compressed files that add to almost 190GB and made them available in a torrent that\r\nappears to be highly popular, with more than 400 peers sharing the content. The extortion group also said that it would\r\ndeploy more servers to increase the download speed.\r\nIncluded in the torrent is also a brief description for the content available in each of the three archives:\r\nPart 1 contains a dump of source code and related data about Security/Defense/Knox/Bootloader/TrustedApps and\r\nvarious other items\r\nPart 2 contains a dump of source code and related data about device security and encryption\r\nhttps://www.bleepingcomputer.com/news/security/hackers-leak-190gb-of-alleged-samsung-data-source-code/\r\nPage 3 of 4\n\nPart 3 contains various repositories from Samsung Github: mobile defense engineering, Samsung account backend,\r\nSamsung pass backend/frontend, and SES (Bixby, Smartthings, store)\r\nIt is unclear if Lapsus$ contacted Samsung for a ransom, as they claimed in the case of Nvidia.\r\nBleepingComputer has contacted Samsung for a statement about the Lapsus$ data leak and will update the article when the\r\ncompany replies.\r\nUpdate [March 7, 2022]: Samsung confirmed a data breach on its systems and that the intruder had access to source code\r\nused in Galaxy smartphones.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/hackers-leak-190gb-of-alleged-samsung-data-source-code/\r\nhttps://www.bleepingcomputer.com/news/security/hackers-leak-190gb-of-alleged-samsung-data-source-code/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/hackers-leak-190gb-of-alleged-samsung-data-source-code/" ], "report_names": [ "hackers-leak-190gb-of-alleged-samsung-data-source-code" ], "threat_actors": [ { "id": "be5097b2-a70f-490f-8c06-250773692fae", "created_at": "2022-10-27T08:27:13.22631Z", "updated_at": "2026-04-10T02:00:05.311385Z", "deleted_at": null, "main_name": "LAPSUS$", "aliases": [ "LAPSUS$", "DEV-0537", "Strawberry Tempest" ], "source_name": "MITRE:LAPSUS$", "tools": [ "Mimikatz" ], "source_id": "MITRE", "reports": null }, { "id": "d4b9608d-af69-43bc-a08a-38167ac6306a", "created_at": "2023-01-06T13:46:39.335061Z", "updated_at": "2026-04-10T02:00:03.291149Z", "deleted_at": null, "main_name": "LAPSUS", "aliases": [ "Lapsus", "LAPSUS$", "DEV-0537", "SLIPPY SPIDER", "Strawberry Tempest", "UNC3661" ], "source_name": "MISPGALAXY:LAPSUS", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "2347282d-6b88-4fbe-b816-16b156c285ac", "created_at": "2024-06-19T02:03:08.099397Z", "updated_at": "2026-04-10T02:00:03.663831Z", "deleted_at": null, "main_name": "GOLD RAINFOREST", "aliases": [ "Lapsus$", "Slippy Spider ", "Strawberry Tempest " ], "source_name": "Secureworks:GOLD RAINFOREST", "tools": [ "Mimikatz" ], "source_id": "Secureworks", "reports": null }, { "id": "52d5d8b3-ab13-4fc4-8d5f-068f788e4f2b", "created_at": "2022-10-25T16:07:24.503878Z", "updated_at": "2026-04-10T02:00:05.014316Z", "deleted_at": null, "main_name": "Lapsus$", "aliases": [ "DEV-0537", "G1004", "Slippy Spider", "Strawberry Tempest" ], "source_name": "ETDA:Lapsus$", "tools": [], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434332, "ts_updated_at": 1775791726, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/5097e9f41d5a85190b9c8be032e8a1505fe0da16.pdf", "text": "https://archive.orkl.eu/5097e9f41d5a85190b9c8be032e8a1505fe0da16.txt", "img": "https://archive.orkl.eu/5097e9f41d5a85190b9c8be032e8a1505fe0da16.jpg" } }