Pro-Russian hacktivist group Genesis Day claims to have breached Samsung’s internal servers over South Korea’s collaboration with NATO. The attackers posted an ad on a popular hacking forum, claiming they found their way into Samsung’s internal FTP service.
Because South Korea has recently strengthened its cooperation with NATO and targeted other countries. We hacked into the internal FTP service of the Samsung Group in South Korea.
As per Cybernews‘ investigation, the sample data allegedly includes Samsung’s corporate login manuals, an employee password, and several educational videos. However, it doesn’t appear to contain sensitive information.
The attackers tried to build on the momentum, promising to leak an additional 2.4GB of data belonging to the South Korean conglomerate.
👀👀🤔🤔
Hacktivist group Genesis Day claims to have hacked and accessed internal systems at #Samsung
They claim its due to #SouthKorea‘s increased involvement with #NATO #cybersecurity #infosecurity #breach #genesisday pic.twitter.com/9ieyKNfxlv
— CyberKnow (@Cyberknow20) January 18, 2023
The Rise of Genesis Day
In recent years, there has been an increase in hacking groups and individuals believed to be linked to Russia. In November last year, Heimdal launched an investigation into the Russian cybercrime trend following the rise in attacks such as data breaches, website defacements, and denial-of-service attacks.
Many experts believe that these groups are backed by the Russian government and are used as a tool for cyberespionage, while also allowing them to operate on a larger scale and carry out more sophisticated attacks.
Russian threat actors are known to use advanced tools and techniques, including zero-day exploits, malware, and phishing campaigns. They are also known to use a variety of tactics to evade detection and maintain access to compromised systems.
Samsung Cyberattacks
In the beginning of 2022, Samsung was targeted by the Lapsus$ cybergang, who claimed to have obtained 190 Gb of data from the company. The stolen data included source code for Galaxy devices and more than 6,000 secret keys, such as private keys, login credentials, and keys for services like AWS, GitHub, and Google.
Regarding the latest attack, the South Korean giant has not released a statement yet.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, YouTube, and Instagram for more cybersecurity news and topics.
