The infamous ransomware Lapsus$ announced right after Nvidia incident their next victim: Samsung.

On March 4, Lapsus$ published a description of the upcoming leak, saying that it contains “confidential Samsung source code” originating from a breach. The full announcement is present below:

Lapsus$ split the leaked data in three compressed files that add to almost 190GB and made them available in a torrent that appears to be highly popular, with more than 400 peers sharing the content. The extortion group also said that it would deploy more servers to increase the download speed.

Included in the torrent is also a brief description for the content available in each of the three archives:

• Part 1 contains a dump of source code and related data about Security/Defense/Knox/Bootloader/TrustedApps and various other items
• Part 2 contains a dump of source code and related data about device security and encryption
• Part 3 contains various repositories from Samsung Github: mobile defense engineering, Samsung account backend, Samsung pass backend/frontend, and SES (Bixby, Smartthings, store)

It is unclear if Lapsus$ contacted Samsung for a ransom, as they claimed in the case of Nvidia.

Samsung Electronics Co. has confirmed it suffered a cybersecurity breach that exposed internal company data, including source code for the operation of its Galaxy smartphones,