A data extortion group known as RansomHouse has asserted that it has stolen upwards of 450GB of sensitive data from AMD.
Team Red has since confirmed that it launched an investigation into the matter after the situation came to light.
RansomHouse's methodology differs from that of ransomware operators: it infiltrates a specific corporate network, extracts whatever data it can obtain, and then demands a ransom if the victim doesn't want that data leaked or sold to others.
Through updates posted over the past week on Telegram, RansomHouse said it would soon offer for sale tranches of data from a business with a three-letter name beginning with A.
As expected, AMD was added to the group's leak site on Monday. RansomHouse claims to hold 450GB of data, but exactly what that data contains remains unconfirmed.
Tom's Hardware notes that Restore Privacy reviewed the data the group published and found that it appears to include "network files, system information, as well as AMD passwords." The site adds a caveat, though: whether the data was actually extracted from AMD itself or from one of its subcontractors is another question entirely.
In any case, RansomHouse said that AMD relied on extremely simple passwords such as, well, "password," which it cited as one of the ways it managed to gain access to the company's networks.
According to the group's statement, the semiconductor and GPU company's network was compromised on January 5, 2022.
However, RansomHouse told Bleeping Computer that its "partners" breached and gained access to AMD's network around a year ago, and that January 5, 2022 is the date on which the hackers ultimately lost that access.
The group did not contact AMD, as it prefers to sell the data, which it considers highly valuable. It says the 450GB of stolen data includes research and financial information, which it is currently analysing in order to put an exact monetary value on it.
“No, we haven’t reached out to AMD as our partners consider it to be a waste of time: it will be more worth it to sell the data rather than wait for AMD representatives to react with a lot of bureaucracy involved,” a RansomHouse representative told Bleeping Computer.
Ransomware was reportedly not involved in the breach. A leaked CSV lists over 70,000 devices that are seemingly connected to AMD's internal network, alongside a purported list of AMD corporate credentials. Besides "password," other weak passwords reportedly used by AMD employees included "P@ssw0rd," "amd!23," and "Welcome1."
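The passwords reported above share a handful of mangling patterns: a dictionary word, the company name, leet substitutions ("P@ssw0rd"), and a short digit or punctuation suffix ("amd!23", "Welcome1"). As an added example, not code from the article or from AMD or RansomHouse, the Python below shows how a defender can catch exactly these patterns, both at password-set time (normalise the candidate and compare it to a blocklist plus organisation tokens) and in an offline audit of a hashed credential export (generate mangled variants of the weak words and look for hash matches). The `COMMON_WORDS` list, the mangling rules, the organisation token "AMD", and the sample export are all assumptions constructed for the example; in a real Active Directory audit the stand-in SHA-256 `fingerprint` would be replaced by the NT hash (MD4 over UTF-16LE) so that the candidates can be compared against an NTDS.dit extract.

```python
"""Weak-password checks for the patterns seen in the reported credential list.

Added example, not from the article. The credential export below is
constructed; no real AMD data is used.
"""
import hashlib
import itertools
import re
from typing import Iterable, Optional

# Assumption: a tiny blocklist. A real deployment would load a large breach
# corpus (e.g. a Pwned Passwords download) instead.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin",
                "changeme", "summer", "winter", "secret"}

# Undo common leet substitutions: "p@ssw0rd" -> "password".
UNLEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                        "3": "e", "$": "s", "5": "s", "7": "t"})
# Forward substitutions used when generating audit candidates.
LEET_PARTIAL = str.maketrans({"a": "@", "o": "0"})          # P@ssw0rd style
LEET_FULL = str.maketrans({"a": "@", "o": "0", "s": "$", "e": "3", "i": "1"})

# Decorative affixes such as "!23" or "1" that users append or prepend.
SUFFIX = re.compile(r"[\d!@#$%^&*._-]+$")
PREFIX = re.compile(r"^[\d!@#$%^&*._-]+")


def normalise(password: str) -> str:
    """Lower-case, strip decorative affixes, then undo leet substitutions."""
    base = password.lower()
    base = SUFFIX.sub("", base)      # amd!23 -> amd, welcome1 -> welcome
    base = PREFIX.sub("", base)
    return base.translate(UNLEET)    # p@ssw0rd -> password


def weak_reason(password: str, org_tokens: Iterable[str] = ()) -> Optional[str]:
    """Return why a password is weak, or None if it passes all checks."""
    base = normalise(password)
    if not base:
        return "only digits or punctuation"
    if base in COMMON_WORDS:
        return f"common word '{base}'"
    for tok in org_tokens:
        if tok.lower() in base:
            return f"contains organisation name '{tok}'"
    if len(password) < 12:
        return "shorter than 12 characters"
    return None


def candidates(org_tokens: Iterable[str] = ()) -> Iterable[str]:
    """Mangled variants of the weak words: case, leet and suffix rules."""
    words = COMMON_WORDS | {t.lower() for t in org_tokens}
    suffixes = ["", "1", "!", "123", "!23", "2022", "!1"]
    for w in words:
        cased = {w, w.capitalize(), w.upper()}
        forms = set()
        for c in cased:
            forms |= {c, c.translate(LEET_PARTIAL), c.translate(LEET_FULL)}
        for form, suffix in itertools.product(forms, suffixes):
            yield form + suffix


def fingerprint(password: str) -> str:
    """Stand-in hash for the export. Assumption: plain SHA-256; an AD audit
    would use the NT hash (MD4 over UTF-16LE) to match NTDS.dit entries."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def audit_export(rows: Iterable[tuple], org_tokens: Iterable[str] = ()) -> dict:
    """rows: (username, hash) pairs. Returns {username: recovered_password}."""
    table = {fingerprint(c): c for c in candidates(org_tokens)}
    return {user: table[h] for user, h in rows if h in table}


# Constructed sample export (not real credentials): three users with passwords
# of the reported kind and one with a long passphrase that should survive.
SAMPLE_EXPORT = [
    ("alice", fingerprint("P@ssw0rd")),
    ("bob", fingerprint("amd!23")),
    ("carol", fingerprint("Welcome1")),
    ("dave", fingerprint("correct-horse-battery-staple-2024")),
]

if __name__ == "__main__":
    for pw in ["password", "P@ssw0rd", "amd!23", "Welcome1", "123456"]:
        print(f"{pw!r:40} -> {weak_reason(pw, org_tokens=('AMD',))}")
    print("recovered from export:", audit_export(SAMPLE_EXPORT, org_tokens=("AMD",)))
```

The set-time check and the offline audit deliberately share one rule set, so that whatever the policy rejects is also what the audit will recover from an old export: if the audit finds accounts the policy would have blocked, those are the accounts created before the policy was enforced, which is the gap an attacker with a year of quiet access would exploit.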
Nvidia, Microsoft, Facebook, and other large corporations were all infiltrated during 2022 by the hacking group LAPSUS$, which likewise claimed to have breached those firms predominantly via weak passwords.