A data blackmail group known as RansomHouse has claimed that it stole more than 450GB of sensitive data from AMD.
AMD (Team Red) later confirmed that it had opened an investigation into the claim.
RansomHouse's methodology is narrower than that of many extortion groups: it infiltrates a specific corporate network, extracts whatever data it can obtain, and then demands a ransom if the victim does not want that data leaked or sold to others.
Posting updates over the past week via Telegram, RansomHouse stated that it would soon offer for sale parts of the data of a business with a three-letter name beginning with the letter A.
As expected, on Monday AMD was added to the group's leak site. The group claims to hold 450GB of data, but exactly what it contains remains unconfirmed.
Tom’s Hardware highlights that RestorePrivacy reviewed the data released by the group and found it apparently included “network files, system information, as well as AMD passwords.” The site points out, however, that whether the data was actually taken from AMD itself or from one of its subcontractors is an entirely different question.
In any case, RansomHouse said AMD relied on extremely simple passwords such as “password,” which was one of the ways it managed to gain access to the company's networks.
The semiconductor and GPU company’s network was compromised on January 5, 2022, according to the group’s statement.
However, RansomHouse told Bleeping Computer that its “partners” broke in and gained access to AMD’s network about a year earlier; January 5, 2022, is when the intruders finally lost that access.
The group has not contacted AMD because it prefers to sell the data, which it perceives as highly valuable. It says the 450GB of stolen data includes research and financial information, which is currently being analyzed so that an accurate monetary value can be calculated.
“No, we didn’t contact AMD because our partners think it’s a waste of time: it’s better to sell the data rather than wait for AMD representatives to react with a lot of bureaucracy involved,” a RansomHouse representative told Bleeping Computer.
Although ransomware was reportedly not involved in the breach, a leaked CSV lists more than 70,000 devices apparently connected to AMD’s internal network, alongside a reported list of AMD corporate credentials. In addition to “password”, other weak passwords reportedly used by AMD employees included “P@ssw0rd”, “amd!23” and “Welcome1”.
Nvidia, Microsoft, Facebook and other large corporations were all infiltrated in 2022 by the hacking group LAPSUS$, which likewise claimed to have broken into these companies primarily by exploiting weak passwords.