Vodafone launched an inquiry after a group of hackers claimed that they stole a hundred GBs of source codes from the telecom company. The cybercrime group calls itself 'Lapsus$," which claims to have obtained around 200 GBs of source code files, representing around 5,000 GitHub repositories. According to a statement in an email, Vodafone confirmed that it knows about the situation, and an investigation has been started.
The company said that it is currently enquiring about the claim with law agencies to verify its credibility. But, in general, the types of repositories referenced in the claim have proprietary source code and don't contain customer data.
As of now, the hackers have not exposed any Vodafone source code which they claim to have stolen. However, they are asking tens of thousands of users that subscribed to their Telegram channel to what leak next- Vodafone, e-commerce company MercadoLibre, or Portuguese media company Impresa. The poll ends on March 13. The attack on Impresa resulted in disruption, MercadoLibre confirmed in an SEC filing that source code and 300,000 users' data were leaked.
Last month, Vodafone Portugal has accused of service problems on a 'malicious cyberattack,' however, it's not clear if the cases are linked. Lapsus$ group has also leaked source codes and other information from NVIDIA and Samsung.
NVIDIA confirmed that hackers stole employee credentials and signature certificates. Threat actors stole 190 GB of data from Samsung, confirmed the theft of source codes linked to Galaxy devices, however, it said that employee and customer data wasn't compromised.
The hackers are thinking of getting big ransom payments from affected companies for not publishing the leaked data. From NVIDIA, threat actors asked the company to open-source drivers and delete a feature that restricts Ethereum mining capabilities in a few of the graphics cards.
"The hackers gained access to the company’s Amazon Web Services account and sent emails and text messages to subscribers, the statement said. The hackers accessed some subscriber information, but Impresa said it had no evidence they got hold of subscribers’ passwords or credit card details," says Security Week.
