AMD working with law enforcement after reports of massive data breach — hack may have uncovered future product details
Initial investigations will weigh the significance of any data theft.
AMD late on Tuesday said that it had begun to investigate claims that its internal network, containing sensitive information, had been breached, reports Bloomberg. The first report about the alleged breach by Intelbroker, a notorious cybercriminal, emerged earlier on June 18 at The Cyber Express. The data that the hackers have allegedly obtained spans details of future products to customer databases, and may also include employee details.
"We are aware of a cybercriminal organization claiming to be in possession of stolen AMD data," a statement by AMD published by Bloomberg reads. "We are working closely with law enforcement officials and a third-party hosting partner to investigate the claim and the significance of the data."
Intelbroker reportedly stole and is now trying to sell a vast array of AMD's data, including detailed specifications of upcoming products, property files, ROMs, firmware, internal communications, and source code. Additionally, the pilfered data comprises financial records and comprehensive employee information such as user IDs, names, job roles, phone numbers, and email addresses. This information could jeopardize AMD's competitive edge and thus the breach raises concerns about intellectual property theft and corporate espionage.
Samples of the stolen data shared on BreachForums demonstrate the potential gravity of this breach. Screenshots and snippets from AMD’s internal systems provide insights into the extent of the compromised information.
This is not AMD's first encounter with cybersecurity challenges. In 2022, the company was targeted by the RansomHouse hacking group, which also claimed to have extracted data from AMD's networks. That incident led to an extensive investigation by AMD to assess the damage and bolster its security measures.
High-profile data breaches happen from time to time. A couple of years ago hackers stole the credentials of 71,000 Nvidia employees. Probably one of the most significant data breaches also happened in 2022, when hackers stole 122GB of data containing roadmaps of leading high-tech companies from Gigabyte.
Intelbroker, the alleged perpetrator of this breach, is known for a series of high-profile cyber intrusions targeting diverse organizations. Notable incidents involving Intelbroker include infiltrations at Los Angeles International Airport, exposing personal and flight details, and compromising U.S. federal agencies through Acuity. Intelbroker's motives seem to range from financial gain through the sale of stolen data to potential geopolitical agendas aimed at disrupting critical infrastructure.
Anton Shilov is a contributing writer at Tom’s Hardware. Over the past couple of decades, he has covered everything from CPUs and GPUs to supercomputers and from modern process technologies and latest fab tools to high-tech industry trends.
CmdrShepard
OK gentlemen:
1. Unsecured Amazon s3 bucket
2. Socially engineered user with more privilege than needed to do their day-to-day work
3. Exploited vulnerability in one of the AMD products used in their own data-center
4. Any of the above, but they will blame it on random_choice_from("Russia", "China", "North Korea", "Iran")
Place your bets.
HaninTH
> CmdrShepard said:
> OK gentlemen:
> 1. Unsecured Amazon s3 bucket
> 2. Socially engineered user with more privilege than needed to do their day-to-day work
> 3. Exploited vulnerability in one of the AMD products used in their own data-center
> 4. Any of the above, but they will blame it on random_choice_from("Russia", "China", "North Korea", "Iran")
> Place your bets.

This is the Standard Operating Procedure these days for any of the 3/4 Lettered departments across any government/corporation.
Most people won't bother to look beyond the headlines or what they're told, so, 60% of the time, it works, every time!
bit_user
> CmdrShepard said:
> 1. Unsecured Amazon s3 bucket

Very unlikely, since the data seems to have been collected from a diverse set of repositories.

> CmdrShepard said:
> 4. Any of the above, but they will blame it on random_choice_from("Russia", "China", "North Korea", "Iran")

Dude, the hackers themselves published details of the data they stole. No need to find a scapegoat, when the criminal announces their exploit to the world!
P.S. I have no idea where that hacking group is based. Also, I think there's plenty of blame to go around: companies need to do better at securing their data & networks, but countries also shouldn't knowingly harbor (or even sponsor) hacking groups. The former is no excuse for the latter.
CmdrShepard
> bit_user said:
> P.S. I have no idea where that hacking group is based. Also, I think there's plenty of blame to go around: companies need to do better at securing their data & networks, but countries also shouldn't knowingly harbor (or even sponsor) hacking groups. The former is no excuse for the latter.

There are rumors they are from Iran, hence my jab with the blaming.
KnightShadey
> bit_user said:
> P.S. I have no idea where that hacking group is based. Also, I think there's plenty of blame to go around: companies need to do better at securing their data & networks, but countries also shouldn't knowingly harbor (or even sponsor) hacking groups. The former is no excuse for the latter.

While I agree with much of that, realistically state-sponsored hacking is a pervasive reality, and the repercussions so far seem to be stern words at best. So while the sentiment is logical and sensible to most, in this case a country like China (or Russia), whose chip industry is actively being stifled by restrictions/sanctions, would likely see great benefit from supporting this hack and rewarding the actual hackers if the data was helpful to their future plans (even if the restrictions are more fab focused).
Realistically, if it were commercial espionage it would be hard to exploit the information without running afoul of future restrictions (lawsuits, sanctions, import bans, etc.), but for states that largely ignore IP & business norms and focus on local markets, they wouldn't have those concerns, making them prime buyers, even if they didn't initiate the exploits.
Again, not saying they were involved or have supported them, but the obvious benefit is there.
And while 100% the former is no excuse for the latter, it's also disappointing when companies use the state/sophisticated actors as excuses for poor security practices (à la Sony).
bit_user
> KnightShadey said:
> While I agree with much of that, realistically state-sponsored hacking is a pervasive reality, and the repercussions so far seem to be stern words at best.

...as far as you know. I'm not saying there's active retaliation, but we should keep in mind that there are things said & done out of the public eye.
Payback isn't always in-kind, either. It could be in the form of selling some country more sophisticated weapons or access to spy satellite data... there are lots of options.
KnightShadey
> bit_user said:
> ...as far as you know. I'm not saying there's active retaliation, but we should keep in mind that there are things said & done out of the public eye.

True, we don't know it all. However, based on even a sub-surface view of the known exploits vs the US, it seems pretty obvious from former intelligence & military personnel's comments, as well as even senate intelligence committee members, that the responses are woefully inadequate and the balance is heavily one-sided.
Most investigations tend to say initial weak response gave the green light for further exploits, and any subsequent efforts don't seem to have slowed the pace.
Again, I'm not saying that was the case here, but the history is do & deny, and the benefit seems obvious even if the fingerprints are someone else's.
As this is all speculation at this point, that is my speculation; of course, if anyone has concrete evidence, I'm sure AMD and others would appreciate the info/insight.
hotaru251
NGL...tech companies (and anyone handling sensitive data) should start engineering onsite servers that cannot connect to unauthorized devices/connections w/o approval from top.
This prevents a lot of risk & should it happen, can easily narrow down who possibly allowed it.
tamalero
> bit_user said:
> Very unlikely, since the data seems to have been collected from a diverse set of repositories.
> Dude, the hackers themselves published details of the data they stole. No need to find a scapegoat, when the criminal announces their exploit to the world!
> P.S. I have no idea where that hacking group is based. Also, I think there's plenty of blame to go around: companies need to do better at securing their data & networks, but countries also shouldn't knowingly harbor (or even sponsor) hacking groups. The former is no excuse for the latter.

Might need to re-read.
Original poster said the possibility of AMD or any other company using "blame X country" as a classic PR response.
Not that they didn't know who it would be.
It's like in politics, everyone blaming Trump, Biden, Hillary, Russia and Epstein even when things are nothing remotely related to any of them.