AMD said it's investigating a possible data breach after RansomHouse, a relatively new data cybercrime operation, claims to have extorted data from the U.S. chipmaker.
An AMD spokesperson told DailyTech that the company “is aware of a bad actor claiming to be in possession of stolen data,” adding that “an investigation is currently underway.”
RansomHouse, which earlier this month claimed responsibility for a cyberattack on Shoprite, Africa’s largest retailer, claims to have breached AMD on January 5 to steal 450GB of data. The group claims to be targeting companies with weak security, and claimed it was able to compromise AMD because of the use of weak passwords throughout the organization.
“An era of high-end technology, progress and top security… there’s so much in these words for the crowds. But it seems these are still just beautiful words when even technology giants like AMD use simple passwords to protect their networks from intrusion,” RansomHouse wrote on its data leak website. “It’s a shame these are real passwords used by AMD employees, but a bigger shame to AMD Security Department which gets significant financing according to the documents we got our hands on — all thanks to these passwords.”
Brett Callow, a ransomware expert and threat analyst at Emsisoft, told DailyTech there’s no reason to doubt the group’s claims. “Ransomware operators are untrustworthy bad-faith actors and all their claims should be viewed with skepticism,” he said. “That said, as far as I’m aware, none of the claims they’ve made to date have proven to be false.”
A portion of the stolen data leaked by RansomHouse and seen by DailyTech suggests that AMD employees were using passwords as simple as “password,” “123456,” and “Welcome1.” Other data posted by the group appears to include network files and system information. It’s unclear if a ransom demand has been made to AMD, but RansomHouse advises victims to contact its support team to receive “additional directions” on how to prevent full data disclosure.
AMD wouldn’t say if it had received a ransom demand, nor would it say which of its systems had been targeted or whether customer data was accessed as a result. The chipmaker also declined to answer any questions regarding its password security measures.
Unlike other cybercrime gangs, RansomHouse claims it’s not a “ransomware” group; rather, it describes its operation as a “professional mediators community,” even if the end goal of extorting companies for money remains the same.
“We have nothing to do with any breaches and don’t produce or use any ransomware,” RansomHouse says on its dark web site. “Our primary goal is to minimize the damage that might be sustained by related parties. RansomHouse members prefer common sense, good conflict management and intelligent negotiations in an effort to achieve fulfilment [sic] of each party’s obligations instead of having non-constructive arguments.”
RansomHouse first emerged in December 2021 and currently lists six victims on its data leak website, the first of which was Canada’s Saskatchewan Liquor and Gaming Authority (SLGA).