AMD working with law enforcement after reports of massive data breach — hack may have uncovered future product details

AMD late on Tuesday said that it had begun to investigate claims that its internal network, containing sensitive information, had been breached, reports Bloomberg. The first report about the alleged breach by Intelbroker, a notorious cybercriminal, emerged earlier on June 18 at The Cyber Express. The data that the hackers have allegedly obtained ranges from details of future products to customer databases, and may also include employee details.

"We are aware of a cybercriminal organization claiming to be in possession of stolen AMD data," a statement by AMD published by Bloomberg reads. "We are working closely with law enforcement officials and a third-party hosting partner to investigate the claim and the significance of the data." 

Intelbroker reportedly stole and is now trying to sell a vast array of AMD's data, including detailed specifications of upcoming products, property files, ROMs, firmware, internal communications, and source code. Additionally, the pilfered data comprises financial records and comprehensive employee information such as user IDs, names, job roles, phone numbers, and email addresses. This information could jeopardize AMD's competitive edge, so the breach raises concerns about intellectual property theft and corporate espionage.

Samples of the stolen data shared on BreachForums demonstrate the potential gravity of this breach. Screenshots and snippets from AMD’s internal systems provide insights into the extent of the compromised information. 

This is not AMD's first encounter with cybersecurity challenges. In 2022, the company was targeted by the RansomHouse hacking group, which also claimed to have extracted data from AMD's networks. That incident led to an extensive investigation by AMD to assess the damage and bolster its security measures. 

High-profile data breaches happen from time to time. A couple of years ago, hackers stole the credentials of 71,000 Nvidia employees. Probably one of the most significant data breaches also happened in 2022, when hackers stole 122GB of data containing roadmaps of leading high-tech companies from Gigabyte.

Intelbroker, the alleged perpetrator of this breach, is known for a series of high-profile cyber intrusions targeting diverse organizations. Notable incidents involving Intelbroker include infiltrations at Los Angeles International Airport, exposing personal and flight details, and compromising U.S. federal agencies through Acuity. Intelbroker's motives seem to range from financial gain through the sale of stolen data to potential geopolitical agendas aimed at disrupting critical infrastructure. 

Anton Shilov
Freelance News Writer

Anton Shilov is a Freelance News Writer at Tom’s Hardware US. Over the past couple of decades, he has covered everything from CPUs and GPUs to supercomputers and from modern process technologies and latest fab tools to high-tech industry trends.

  • CmdrShepard
    OK gentlemen:

    1. Unsecured Amazon s3 bucket
    2. Socially engineered user with more privilege than needed to do their day-to-day work
    3. Exploited vulnerability in one of the AMD products used in their own data-center
    4. Any of the above, but they will blame it on random_choice_from("Russia", "China", "North Korea", "Iran")

    Place your bets.
  • HaninTH
    CmdrShepard said:
    OK gentlemen:

    1. Unsecured Amazon s3 bucket
    2. Socially engineered user with more privilege than needed to do their day-to-day work
    3. Exploited vulnerability in one of the AMD products used in their own data-center
    4. Any of the above, but they will blame it on random_choice_from("Russia", "China", "North Korea", "Iran")

    Place your bets.
    This is the Standard Operating Procedure these days for any of the 3/4 Lettered departments across any government/corporation.

    Most people won't bother to look beyond the headlines or what they're told, so, 60% of the time, it works, every time!
  • derekullo
    Nobody would suspect Switzerland!
  • bit_user
    CmdrShepard said:
    1. Unsecured Amazon s3 bucket
    Very unlikely, since the data seems to have been collected from a diverse set of repositories.

    CmdrShepard said:
    4. Any of the above, but they will blame it on random_choice_from("Russia", "China", "North Korea", "Iran")
    Dude, the hackers themselves published details of the data they stole. No need to find a scapegoat, when the criminal announces their exploit to the world!

    P.S. I have no idea where that hacking group is based. Also, I think there's plenty of blame to go around: companies need to do better at securing their data & networks, but countries also shouldn't knowingly harbor (or even sponsor) hacking groups. The former is no excuse for the latter.
  • CmdrShepard
    bit_user said:
    P.S. I have no idea where that hacking group is based. Also, I think there's plenty of blame to go around: companies need to do better at securing their data & networks, but countries also shouldn't knowingly harbor (or even sponsor) hacking groups. The former is no excuse for the latter.
    There are rumors they are from Iran, hence my jab with the blaming.
  • KnightShadey
    bit_user said:
    P.S. I have no idea where that hacking group is based. Also, I think there's plenty of blame to go around: companies need to do better at securing their data & networks, but countries also shouldn't knowingly harbor (or even sponsor) hacking groups. The former is no excuse for the latter.

    While I agree with much of that, realistically state-sponsored hacking is a pervasive reality, and the repercussions so far seem to be stern words at best. So while the sentiment is logical and sensible to most, in this case a country like China (or Russia), whose chip industry is actively being stifled by restrictions/sanctions, would likely see great benefit from supporting this hack and rewarding the actual hackers if the data was helpful to their future plans (even if the restrictions are more fab focused).

    Realistically if it were commercial espionage it would be hard to exploit the information without running afoul of future restrictions (lawsuits, sanctions, import bans, etc), but states that largely ignore IP & business norms and focus on local markets wouldn't have those concerns, making them prime buyers, even if they didn't initiate the exploits.

    Again, not saying they were involved or have supported them, but the obvious benefit is there.

    And while 100% the former is no excuse for the latter, it's also disappointing when companies use the state/sophisticated actors as excuses for poor security practices (à la Sony).
  • bit_user
    KnightShadey said:
    While I agree with much of that, realistically state-sponsored hacking is a pervasive reality, and the repercussions so far seem to be stern words at best.
    ...as far as you know. I'm not saying there's active retaliation, but we should keep in mind that there are things said & done out of the public eye.

    Payback isn't always in-kind, either. It could be in the form of selling some country more sophisticated weapons or access to spy satellite data... there are lots of options.
  • KnightShadey
    bit_user said:
    ...as far as you know. I'm not saying there's active retaliation, but we should keep in mind that there are things said & done out of the public eye.

    True, we don't know it all. However, based on even a sub-surface view of the known exploits vs the US, it seems pretty obvious from former intelligence & military personnel's comments, as well as even senate intelligence committee members, that the responses are woefully inadequate and the balance is heavily one-sided.

    Most investigations tend to say initial weak response gave the green light for further exploits, and any subsequent efforts don't seem to have slowed the pace.

    Again, I'm not saying that was the case here, but the history is do & deny, and the benefit seems obvious even if the fingerprints are someone else's.

    As this is all speculation at this point, that is my speculation, of course if anyone has concrete evidence I'm sure AMD and others would appreciate the info/insight.
  • hotaru251
    NGL...tech companies (and anyone handling sensitive data) should start engineering onsite servers that cannot connect to unauthorized devices/connections w/o approval from the top.

    This prevents a lot of risk &, should it happen, can easily narrow down who possibly allowed it.
  • tamalero
    bit_user said:
    Very unlikely, since the data seems to have been collected from a diverse set of repositories.


    Dude, the hackers themselves published details of the data they stole. No need to find a scapegoat, when the criminal announces their exploit to the world!

    P.S. I have no idea where that hacking group is based. Also, I think there's plenty of blame to go around: companies need to do better at securing their data & networks, but countries also shouldn't knowingly harbor (or even sponsor) hacking groups. The former is no excuse for the latter.
    Might need to re-read.

    Original poster raised the possibility of AMD or any other company using "blame X country" as a classic PR response.
    Not that they didn't know who it would be.

    It's like in politics, everyone blaming Trump, Biden, Hillary, Russia and Epstein even when things are not remotely related to any of them.