A data extortion group known as RansomHouse has claimed it stole more than 450GB of sensitive data from AMD.
Team Red has since confirmed that it launched an investigation into the matter after the situation came to light.
RansomHouse's method is narrower than that of a typical ransomware operation: it infiltrates a specific corporate network, extracts all the data it can obtain, and then demands a ransom if the victim does not want the data leaked or sold to others.
Providing updates via Telegram over the past week, RansomHouse stated that it would soon release tranches of data from a company with a three-letter name beginning with the letter A.
As expected, AMD was added to the group's leak site on Monday. RansomHouse claims to hold 450 GB of data, but exactly what that data contains remains unconfirmed.
Tom’s Hardware highlights how Restore Privacy reviewed the data published by the group and found that it seemingly contains “network files, system information, and AMD passwords.” However, the site points out a caveat: whether the information was actually extracted from AMD or from one of its subcontractors is an entirely different question.
In any case, RansomHouse said AMD relied on extremely simple passwords such as, well, “password,” which it cited as one of the ways it managed to access the company's networks.
According to the group's statement, the semiconductor and GPU company's network was compromised on Jan. 5, 2022.
However, RansomHouse told Bleeping Computer that its “partners” had hacked and gained access to AMD's network about a year earlier, and that Jan. 5, 2022 was the date on which the hackers finally lost that access.
AMD has not been approached by the group, which prefers to sell the data because of its perceived high value. RansomHouse says the 450 GB of stolen data includes research and financial information, and that it is currently analyzing the data so it can calculate an exact monetary value.
“No, we have not contacted AMD because our partners consider it a waste of time: it is more worth it to sell the data than to wait for AMD representatives to respond with a lot of bureaucracy,” a RansomHouse representative told Bleeping Computer.
While ransomware was reportedly not involved in the breach, a leaked CSV shows a list of more than 70,000 devices apparently connected to AMD’s internal network, alongside an alleged list of AMD corporate credentials. In addition to ‘password’, other weak passwords allegedly used by AMD employees include ‘[email protected]’, ‘amd!23’ and ‘Welcome1’.
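The passwords cited above (‘password’, ‘amd!23’, ‘Welcome1’) are exactly the kind that a deny-list screen of the sort recommended in NIST SP 800-63B is meant to reject: a dictionary word, the company's own name, or a greeting with a digit bolted on to satisfy a complexity rule. The following Python is an added example, not code from the article or from any party it describes. It screens a constructed username,password CSV against a small constructed deny-list after undoing common leet substitutions and stripping trailing digits and symbols, and also rejects passwords that contain the username or fall below a minimum length. The deny-list, the substitution table, the 12-character minimum and the sample rows are all assumptions made for illustration.

```python
import csv
import io
import re

# Constructed deny-list for the example. In a real audit this would be a large
# breached-password corpus plus the organisation's own name, product names and
# other site-specific words.
BANNED_WORDS = {"password", "welcome", "amd", "qwerty", "letmein", "admin"}

# Substitutions users commonly make to satisfy "must contain a symbol/digit" rules.
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 12  # assumed policy minimum for this example


def normalize(password: str) -> str:
    """Lower-case, drop a trailing run of digits/symbols, then undo leet substitutions.

    'amd!23' -> 'amd', 'Welcome1' -> 'welcome', 'P@ssw0rd' -> 'password'.
    """
    stripped = re.sub(r"[^a-z]+$", "", password.lower())
    return stripped.translate(LEET_MAP)


def weakness_reasons(username: str, password: str) -> list[str]:
    """Return the reasons a credential fails screening (empty list if it passes)."""
    reasons = []
    core = normalize(password)
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    for word in sorted(BANNED_WORDS):          # sorted for deterministic output
        if word in core:
            reasons.append(f"contains banned word '{word}'")
    if username and username.lower() in core:
        reasons.append("contains the username")
    return reasons


def screen_credentials(csv_text: str) -> dict[str, list[str]]:
    """Parse a username,password CSV and return {username: reasons} for weak entries."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = weakness_reasons(row["username"], row["password"])
        if reasons:
            findings[row["username"]] = reasons
    return findings


# Constructed sample input for the example; not data from the leak.
SAMPLE_CSV = """username,password
jdoe,password
asmith,amd!23
bwong,Welcome1
cdiaz,Tr0ub4dor&3
ekim,correct-horse-battery-staple-91
flee,flee2024!
"""

if __name__ == "__main__":
    for user, reasons in screen_credentials(SAMPLE_CSV).items():
        print(f"{user}: {'; '.join(reasons)}")
```

Note that the substring match on short words such as the company name is deliberately aggressive: the point of a context-specific deny-list is to reject anything built around the organisation's name, even with symbols or digits appended, rather than to accept clever variants of it.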
Nvidia, Microsoft, Facebook and other big companies were all infiltrated in 2022 by the hacking group LAPSUS$, which also claimed to have broken into these companies mainly through weak passwords.