Ransomware infection at LG, data exfiltrated?

[German]I have received information through various channels that the internationally active Korean company LG was the victim of a ransomware attack. The Maze Group is making a complaint and threatening to release sensitive data.


The notorious Maze Group claims that it has infiltrated the network of Korea-based LG Electronics. The following tweet refers to an article at Forbes.

Bleeping Computer has also published this article on the topic. The facts are quite simple: The Maze Group claims on its website to have infiltrated the network of the South Korean multinational LG Electronics and to have infiltrated and infected it with ransomware.

Details of the attack and the encryption of the files were not given. The hackers claim to have removed sensitive information for projects before encrypting the files in question. These projects are said to involve large US companies.

The Maze gang is currently threatening to publish the captured data if the victim does not pay a ransom. In a statement on Monday last week, the hackers announced that they would publish information about this alleged hack by LG Electronics and provide source code captured in the data theft.


Maze LG
(Maze LG, Source: Bleeping Computer)

The Maze Group told Bleeping Computer  that they stole about 40 GByte source code from the manufacturer during the LG electronics hack.

"Also, we would like to announce that in case of not contacting us today we will share information about attack on Lg. We downloaded 40GB of Python source codes from Lg. Developments for a biggest companies in US, we will share part of source code on Lg later."

The group did not want to name the number of LG devices encrypted by ransomware. On the group's website, however, screenshots with a list of files from a Python code repository appeared – Bleeping Computer mapped them.

Forbes writes, that the code captured by the Maze group is written in Python and appears to be linked to products developed for "[one of] the largest companies in [the] USA". A screenshot posted by Bleeping Computer seems to confirm that the files contain code for LG devices sold by AT&T. One such file has a .KDZ extension, indicating that it is probably firmware for an LG phone – possibly the LG G8X ThinQ.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *