Recently the news broke that AMD is investigating a possible data breach after the "RansomHouse" hacker group claimed to have stolen 450 gigabytes of data from the chipmaker, including
For those unaware of RansomHouse, you should know that this is a data extortion group that breaches corporate networks, steals data, and then demands a ransom payment so as not to publicly leak the data or sell it to other threat actors.
And it is that since the last week, RansomHouse has been making fun of Telegram that they would sell the data of a well-known three-letter company that begins with the letter A. Exactly one week ago, on June 20, the group announced via Telegram that they had breached a major company, and then held a contest to see if anyone could correctly guess what the company was. RansomHouse provided a riddle for people to guess the victim, as you can see below.
The group claims on its darknet site that it breached AMD's security on January 5. and obtained the data thanks to the use of weak passwords throughout the organization. These include the actual word "password" as well as "123456" and "AMD! 23” among others. The group claims that it has "over 450 Gb" of data from AMD.
“An era of cutting-edge technology, progress and maximum security…there is so much in these words for the multitudes. But it seems those are still just pretty words when even tech giants like AMD use simple passwords to protect their networks from intrusions,” RansomHouse wrote. "It's a shame that those are actual passwords used by AMD employees, but a bigger embarrassment for the AMD Security Department, which gets significant funding according to the documents we have in our hands, all thanks to these passwords." .
The hackers said that they did not contact AMD with a ransom demand, as selling the data to other entities or threat actors was more valuable.
“No, we have not contacted AMD because our partners consider it a waste of time: it will be more worth selling the data than waiting for AMD representatives to react with a lot of bureaucracy involved”
RansomHouse claims stolen data includes research and financial information, which they say is being analyzed to determine its value.
The hacking group has not provided any proof of this stolen data, other than a few files containing information allegedly collected from AMD's Windows domain.
“As far as I can remember, easy-to-guess passwords like 123456, qwerty, and password have dominated the global list of most used passwords and are undoubtedly used in many corporate settings. Unfortunately, weak passwords can become a literal playground for cyber attackers, particularly when they gain access to your organization's remote access solution and view the identification details of corporate users."
Restore Privacy examined a sample of allegedly stolen data and discovered that it included network files, system information, and AMD passwords. The sample data appears to have been stolen from AMD.
RestorePrivacy received a tip from RansomHouse that an AMD data sample had already been leaked on the group's website. We verified the announcement and information on the darknet.
AMD said in a statement that it is aware of a bad actor claiming to be in possession of stolen data and that an investigation is currently underway.
However, it is important to underline that there is still no official confirmation that the data really belongs to AMD. In response to the attack, AMD says it is investigating the case, but has yet to comment on whether or not the data is real.
Finally if you are interested in knowing more about it About this new version, you can check the details in the following link