
Hackers targeted AMD to steal huge 450GB of top-secret data

A data extortion group known as RansomHouse has asserted that it has stolen upwards of 450GB of sensitive data from AMD.

Team Red has since confirmed that it launched an investigation into the matter after the situation came to light.


As reported by Bleeping Computer and Tom’s Hardware, RansomHouse is not your regular hacking group that randomly targets whoever it can.

It has a more specific methodology: it infiltrates a particular corporate network to extract any data it can obtain, after which a ransom demand is made if the victim doesn’t want the data leaked or sold to others.

In updates posted via Telegram over the past week, RansomHouse stated it would soon make available for purchase tranches of data belonging to a business that has three letters in its name, with the first letter being A.

As expected, on Monday, AMD was added to the group’s website. The group claims to be in possession of 450GB of data, but exactly what that data contains remains unconfirmed.

Tom’s Hardware highlights how Restore Privacy reviewed the data published by the group and found that it seemingly includes “network files, system information, as well as AMD passwords.” The website points out a caveat, though: whether the information was actually extracted from AMD or from one of its subcontractors is another question entirely.

In any case, RansomHouse said that AMD relied on extremely straightforward passwords such as, well, “password,” which is one of the ways the group managed to gain access to AMD’s networks.

The semiconductor and GPU company’s network was compromised on January 5, 2022, according to the group’s statement.

However, RansomHouse told Bleeping Computer that its “partners” breached and gained access to AMD’s network around a year ago. January 5, 2022, is when the hackers ultimately lost that access.


The group did not contact AMD, as it prefers to sell the data due to its perceived high value. RansomHouse says that the 450GB of stolen data includes research and financial information. That data is currently being analyzed so the group can calculate an exact monetary value.

“No, we haven’t reached out to AMD as our partners consider it to be a waste of time: it will be more worth it to sell the data rather than wait for AMD representatives to react with a lot of bureaucracy involved,” a RansomHouse representative told Bleeping Computer.

Although ransomware was reportedly not involved in the breach, a leaked CSV shows a list of over 70,000 devices that are seemingly connected to AMD’s internal network, in addition to a purported list of AMD corporate credentials. Besides “password,” other weak passwords reportedly used by AMD employees included “P@ssw0rd,” “amd!23,” and “Welcome1.”

Nvidia, Microsoft, Facebook, and other large corporations were all infiltrated throughout 2022 by the hacking group LAPSUS$, which also claimed to have breached all these firms predominantly via weak passwords.

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…