
Hackers targeted AMD to steal huge 450GB of top-secret data

A data extortion group known as RansomHouse has asserted that it has stolen upwards of 450GB of sensitive data from AMD.

Team Red has since confirmed that it launched an investigation into the matter after the situation came to light.


As reported by Bleeping Computer and Tom’s Hardware, RansomHouse is not your regular hacking group that randomly targets whoever they can.


It has a more specific methodology: infiltrate a particular corporate network, extract any data it can obtain, and then demand a ransom from the victim in exchange for not leaking the data or selling it to others.

In updates posted via Telegram over the past week, RansomHouse stated it would soon make available for purchase tranches of data from a business that has three letters in its name, with the first letter being A.

As expected, on Monday, AMD was added to the group’s website. The group claims to be in possession of 450GB of data, but exactly what that data contains remains unconfirmed.

Tom’s Hardware highlights how Restore Privacy reviewed the data published by the group and found that it seemingly includes “network files, system information, as well as AMD passwords.” The website points out a caveat, though: whether the information was actually extracted from AMD or from one of its subcontractors is another question entirely.

In any case, RansomHouse said that AMD relied on extremely straightforward passwords such as, well, “password,” which is one of the ways the group managed to gain access to AMD’s networks.

The semiconductor and GPU company’s network was compromised on January 5, 2022, according to the group’s statement.

However, RansomHouse told Bleeping Computer that its “partners” breached and gained access to AMD’s network around a year ago. January 5, 2022, is when the hackers ultimately lost that access.


The group did not contact AMD, as it prefers to sell the data because of its perceived high value. It says that the 450GB of stolen data includes research and financial information. That data is currently being analyzed so the group can calculate an exact monetary value.

“No, we haven’t reached out to AMD as our partners consider it to be a waste of time: it will be more worth it to sell the data rather than wait for AMD representatives to react with a lot of bureaucracy involved,” a RansomHouse representative told Bleeping Computer.

Although ransomware was reportedly not involved in the breach, a leaked CSV shows a list of over 70,000 devices that are seemingly connected to AMD’s internal network, in addition to a purported list of AMD corporate credentials. Besides “password,” other weak passwords reportedly used by AMD employees included “P@ssw0rd,” “amd!23,” and “Welcome1.”

Nvidia, Microsoft, Facebook, and other large corporations were all infiltrated throughout 2022 by the hacking group LAPSUS$, which also claimed to have breached all these firms predominantly via weak passwords.

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…