from the hey-that's-the-same-password-I-use-on-my-luggage dept.
RansomHouse extortion group claims AMD as its latest victim:
AMD said it is investigating a potential data breach after RansomHouse, a relatively new data cybercrime operation, claims to have extorted data from the U.S. chipmaker.
An AMD spokesperson told TechCrunch that the company "is aware of a bad actor claiming to be in possession of stolen data," adding that "an investigation is currently underway."
RansomHouse, which earlier this month claimed responsibility for a cyberattack on Shoprite, Africa's largest retailer, claims to have breached AMD on January 5 to steal 450GB of data. The group claims to be targeting companies with weak security, and claimed it was able to compromise AMD due to the use of weak passwords throughout the organization.
"An era of high-end technology, progress and top security... there's so much in these words for the crowds. But it seems those are still just beautiful words when even technology giants like AMD use simple passwords to protect their networks from intrusion," RansomHouse wrote on its data leak site. "It is a shame those are real passwords used by AMD employees, but a bigger shame to AMD Security Department which gets significant financing according to the documents we got our hands on — all thanks to these passwords."
A portion of the stolen data leaked by RansomHouse and seen by TechCrunch suggests that AMD employees were using passwords as simple as "password," "123456" and "Welcome1." [...]
Unlike other cybercrime gangs, RansomHouse claims it's not a "ransomware" group, rather it describes its operation as a "professional mediators community," even if the end goal of extorting companies for money remains the same.
"We have nothing to do with any breaches and don't produce or use any ransomware," RansomHouse says on its dark web site. "Our primary goal is to minimize the damage that might be sustained by related parties. RansomHouse members prefer common sense, good conflict management and intelligent negotiations in an effort to achieve fulfilment [sic] of each party's obligations instead of having non-constructive arguments."
It sounds like they have someone with a marketing degree. So who do you suppose are the parties they are mediating between?
(Score: 3, Touché) by janrinok on Thursday June 30 2022, @07:20PM (1 child)
I'm not in the least bit surprised. In fact, I would be far more surprised if they said that people working at AMD were NOT using these passwords - so many people at other companies, and at home, and on their phones do.
(Score: 2) by agr on Friday July 01 2022, @01:23PM
Rejecting user passwords that are on lists of common ones is a standard protective measure as is issuing second factor security dongles to employees. How are we supposed to trust the security design of their processors if they fail to take such basic precautions?
(Score: 2) by Opportunist on Thursday June 30 2022, @08:34PM
And it was in a movie [youtube.com].
(Score: 2) by MIRV888 on Thursday June 30 2022, @09:58PM
It's not amazing that they sound like a corporation doing the soft sell after wrongdoing.
Legitimizing extortion is not a huge step.