AMD Probing Claim Of Brazen Cyberattack By RansomHouse Gang

The hackers say they stole 450 gigabytes of data as a result of simplistic company passwords. ‘AMD is aware of a bad actor claiming to be in possession of stolen data from AMD. An investigation is currently underway,’ AMD tells CRN.


Semiconductor giant AMD is investigating a probable cyberattack by a group that claims it has stolen 450 gigabytes of data from the company, allegedly due to lax password controls.

RansomHouse, which is considered a relatively new data extortion gang, asserts on its dark website that it got hold of the files via an intrusion into AMD’s system on Jan. 5, 2022.

The gang says it doesn’t breach security systems per se, but does find ways into networks and then acts as a sort of ransomware “mediator” between attackers and victims, according to published reports.


In an interview with CRN, Brett Callow, a ransomware expert and a threat analyst at Emsisoft, said those at RansomHouse want to portray their operation as merely a platform provider for “members” who use their own ransomware tools, including the notorious White Rabbit.

But he said such claims are “probably BS.”

“In reality, they’re very probably the people behind WhiteRabbit,” said Callow. “They’re criminal extortionists.”

Reviewing their claims about Santa Clara, Calif.-based AMD, Callow said he couldn’t say one way or the other whether the cyber-miscreants have swiped actual data from AMD.

But he said their claims “have some credibility.”

Contacted by CRN, AMD would only issue a statement that reads: “AMD is aware of a bad actor claiming to be in possession of stolen data from AMD. An investigation is currently underway.”

According to a screenshot of RansomHouse’s dark-web message about the incident, the hackers portray themselves as sort of righteous promoters of secure networks – and punishers of those who fail to adequately secure their networks.

In AMD’s case, RansomHouse, which apparently had been teasing on Telegram for weeks about a high-profile hack announcement to come, mocks the simplicity of some of the passwords used by AMD employees within the company network, such as “password” and “P@sswoOrd” and “123456.”

“It’s a shame those are real passwords used by AMD employees, but a big shame to AMD Security Department which gets significant financing according to the documents we got (our) hands on – all thanks to these passwords,” said the message in the screenshot, provided to CRN by Callow.

It then mocks corporate people who talk about sophisticated technologies and security measures. “But it seems those are still just beautiful words when even tech giants like AMD use simple passwords,” RansomHouse writes.

BleepingComputer.com reported that it got hold of folks at the cyber-gang and that they said they didn’t directly contact AMD with a ransom demand because it was more lucrative to just sell the data to others.

“No, we haven’t reached out to AMD as our partners consider it to be a waste of time: it will be more worth it to sell the data rather than wait for AMD representatives to react with a lot of bureaucracy involved,” said a RansomHouse representative, according to BleepingComputer.

RansomHouse also reportedly said it had actually obtained access to AMD’s network about a year ago, though its website says the material was swiped in January.

“Password security is the first step in having good cyber hygiene,” said Mike Turicchi of Gainesville, Va.-based custom-system builder NCS Technologies. “It is surprising to see AMD not enforce basic security principles for their own employees while promoting their best-in-class security capabilities for their processors. Compromising weak passwords is the oldest trick in the book. I would expect to see some immediate changes in their security department.”

CRN reporter Shane Snider contributed to this report.

Pictured above: A screenshot of RansomHouse’s dark website showcasing alleged pilfered AMD data and a boastful message from the cyber-gang, courtesy of Emsisoft’s Brett Callow.