The RansomHouse gang claims to have breached the Chipmaker giant AMD and stole 450 GB of data from the company in 2021.

The RansomHouse extortion gang claims to have stolen 450 GB of data from the chipmaker giant AMD in 2021 and threatens to leak it or sell it if the company will not pay the ransom.

The company has been added this week to the gang’s dark web leak site:

According to BleepingComputer, a RansomHouse partners has breached the network of AMD a year ago, but the leak site reports January 5th, 2022, as the date of the compromise.

RansomHouse launched its operation in December 2021, unlike other extortion group, the gang doesn’t encrypt data, but focuses on data theft to speed up its activity.

This means that threat actors did not infect AMD systems, but once obtained access to its networks had stolen internal data.

Allegedly stolen data includes corporate research and financial documents, but at this time the only published a few files containing information from an internal network likely collected during a reconnaissance phase.

One of the files, all_computers.csv, contains a list of over 77,000 machinese hosted on the AMD’s internal network. Another leaked file, sample_passwords.txt, includes a list of weak AMD user credentials, such as ‘password’, ‘P@ssw0rd’, and ‘amd!23.’

AMD is currently investigating the alleged security breach.

At the time of this writing the leak site includes the name of five organizations hit by the group:

  • SHOPRITE HOLDINGS LTD
  • AHS Aviation Handling Services GmbH
  • Dellner Couplers AB
  • Jefferson Credit Union
  • Saskatchewan Liquor and Gaming Authority

[출처 : SecurityAffairs / 6.29.]