Maze Ransomware Attack hits LG Electronics

Source: Cybersafe.news

Maze ransomware operators claimed to have breached the South Korean electronics company LG Electronics.

Maze ransomware operators have claimed on their website that they breached the network of the South Korean multinational LG Electronics.

Even though the details of the attack have not been released, the hackers stated that they have stolen from the company proprietary information for projects that involve big U.S. Companies.

This ransomware operator usually publishes information about their victims when their ransom demands are not paid.

They posted in their data leak site that they would provide information about the LG Electronics breach and the source code they stole.

The threat actors claimed to have downloaded 40GB of Python source code from the manufacturer and that they would share part of source code on Lg later.

Later in their leak site, they published alleged proofs of their attack on LG which includes screenshot of a file listing from a Python code repository.

Another screenshot shows a split archive for a .KDZ file, which is the format for official stock firmware code from LG.

It appears that the firmware was developed for AT&T which currently lists 41 phones and four tablets from LG on its device support page.

Another screenshot from the attackers also shows a snippet of Python code for an email forwarding project. This source code indicates that the owner is from the domain lgepartner.com, which is owned by LG Electronics.

Details about how Maze was able to breach LG Electronics’ network is not available. The initial access methods used by the attackers include connecting via an exposed remote desktop connection and pivoting to valuable hosts via compromised Domain Administrator accounts.