{
	"id": "9f30c7ae-e897-4ad3-840a-18997eb24f51",
	"created_at": "2026-04-06T00:21:34.817393Z",
	"updated_at": "2026-04-10T03:28:46.860883Z",
	"deleted_at": null,
	"sha1_hash": "ed420f8f08bff97473219116324ebd9d12d00a1b",
	"title": "Samsung investigating claims of hack on South Korea systems, internal employee platform",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35891,
	"plain_text": "Samsung investigating claims of hack on South Korea systems,\r\ninternal employee platform\r\nBy Jonathan Greig\r\nPublished: 2023-02-03 · Archived: 2026-04-05 17:00:38 UTC\r\nSamsung is investigating a potential cyberattack and data breach on an internal employee platform and several\r\nsystems in South Korea. \r\nOn Tuesday, a group of hackers going by the name “Genesis Day” claimed it attacked Samsung’s offices in South\r\nKorea because of the country’s recent opening of a mission to the North Atlantic Treaty Organization (NATO).\r\nThe group said it hacked the internal File Transfer Protocol service of the Samsung Group in South Korea as well\r\nas the internal employee system and the Samsung Group intranet. \r\nThey threatened to leak business data from Samsung’s operations in France and more. \r\n\"We are aware of the recent online posting and are in the process of verifying the claim,” a Samsung spokesperson\r\ntold The Record.\r\nAn unknown user in the hacker's forum claims that the Genesis day group has hacked into the internal\r\nFTP service of the Samsung Group in South Korea, as well as the internal employee system and the\r\nSamsung Group intranet.#SouthKorea #darkweb #DeepWeb #databreach #cyberrisk\r\npic.twitter.com/95M1IKmNa3\r\n— FalconFeedsio (@FalconFeedsio) January 18, 2023\r\nThe tech giant was attacked twice in 2022, with the first incident in March when the company said the Lapsus$\r\nextortion group hacked its systems and stole troves of data, including Galaxy smartphone source code.\r\nIn September, the company published a notice telling customers that their U.S.-based systems were hacked in late\r\nJuly. The company’s security team discovered on August 4 that customer information was affected, and they hired\r\na cybersecurity firm in addition to contacting law enforcement.\r\nThe breach involved names, contact and demographic information, dates of birth, and product registration\r\ninformation.\r\nSource: https://therecord.media/samsung-investigating-claims-of-hack-on-south-korea-systems-internal-employee-platform/\r\nhttps://therecord.media/samsung-investigating-claims-of-hack-on-south-korea-systems-internal-employee-platform/\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://therecord.media/samsung-investigating-claims-of-hack-on-south-korea-systems-internal-employee-platform/"
	],
	"report_names": [
		"samsung-investigating-claims-of-hack-on-south-korea-systems-internal-employee-platform"
	],
	"threat_actors": [
		{
			"id": "be5097b2-a70f-490f-8c06-250773692fae",
			"created_at": "2022-10-27T08:27:13.22631Z",
			"updated_at": "2026-04-10T02:00:05.311385Z",
			"deleted_at": null,
			"main_name": "LAPSUS$",
			"aliases": [
				"LAPSUS$",
				"DEV-0537",
				"Strawberry Tempest"
			],
			"source_name": "MITRE:LAPSUS$",
			"tools": [
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "d4b9608d-af69-43bc-a08a-38167ac6306a",
			"created_at": "2023-01-06T13:46:39.335061Z",
			"updated_at": "2026-04-10T02:00:03.291149Z",
			"deleted_at": null,
			"main_name": "LAPSUS",
			"aliases": [
				"Lapsus",
				"LAPSUS$",
				"DEV-0537",
				"SLIPPY SPIDER",
				"Strawberry Tempest",
				"UNC3661"
			],
			"source_name": "MISPGALAXY:LAPSUS",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "4fd2e187-fea2-421a-870c-11be83231fd5",
			"created_at": "2023-11-04T02:00:07.652728Z",
			"updated_at": "2026-04-10T02:00:03.384073Z",
			"deleted_at": null,
			"main_name": "Xiaoqiying",
			"aliases": [
				"Genesis Day",
				"Teng Snake"
			],
			"source_name": "MISPGALAXY:Xiaoqiying",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "2347282d-6b88-4fbe-b816-16b156c285ac",
			"created_at": "2024-06-19T02:03:08.099397Z",
			"updated_at": "2026-04-10T02:00:03.663831Z",
			"deleted_at": null,
			"main_name": "GOLD RAINFOREST",
			"aliases": [
				"Lapsus$",
				"Slippy Spider ",
				"Strawberry Tempest "
			],
			"source_name": "Secureworks:GOLD RAINFOREST",
			"tools": [
				"Mimikatz"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "52d5d8b3-ab13-4fc4-8d5f-068f788e4f2b",
			"created_at": "2022-10-25T16:07:24.503878Z",
			"updated_at": "2026-04-10T02:00:05.014316Z",
			"deleted_at": null,
			"main_name": "Lapsus$",
			"aliases": [
				"DEV-0537",
				"G1004",
				"Slippy Spider",
				"Strawberry Tempest"
			],
			"source_name": "ETDA:Lapsus$",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434894,
	"ts_updated_at": 1775791726,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ed420f8f08bff97473219116324ebd9d12d00a1b.pdf",
		"text": "https://archive.orkl.eu/ed420f8f08bff97473219116324ebd9d12d00a1b.txt",
		"img": "https://archive.orkl.eu/ed420f8f08bff97473219116324ebd9d12d00a1b.jpg"
	}
}