Security Market Segment LS
Thursday, 02 July 2020 08:49

Maze group claims LG attack, but researcher says claim may be false Featured

Maze group claims LG attack, but researcher says claim may be false Courtesy LG Electronics

Cyber criminals claim to have used the Maze ransomware, that can be used to compromise Windows systems, to infiltrate the systems of multinational South Korean electronics giant LG Electronics and siphon off source code for one of the company's "big products".

But their claims have been called into question by Emsisoft's ransomware threat researcher Brett Callow who has described the group as a "bunch of lowlifes", adding that lowlifes are not known for their honesty.

He said his reasoning was based on several factors that had been noticed in the behaviour of groups using Maze after the pandemic began: a change from listing two or three firms in a day to listing a much larger number; posting password-protected archives for which the passwords did not work; auctioning data after the COVID-19 crisis got into full swing; and another group, REvil, claiming to have data on Donald Trump and then claiming to have sold it.

Callow added that it now looked like these groups could be auctioning data from old attacks that happened before they launched their leak site, all tactics that seemed to indicate desperation.

The group published screenshots of files allegedly stolen from the company, which showed a number of files allegedly from a Python code repository.

lg python

Another screenshot showed an archive file with a .KDZ extension, the format for official stock firmware code from LG, the website Bleeping Computer reported.

Judging by the filenames, the files appear to refer to firmware for AT&T devices that were developed for the US market. There are a 41 LG devices listed on the AT&T website.

kdz lg

And a third screenshot listing source for an email forwarding script indicates the owner is from the domain which is owned by LG Electronics.

The group had hinted about the LG hack a few days back, saying in one of its so-called "press releases": "And some future presentation. Soon you’ll be able to know how the LG company have lost the source code of its products for one very big telecommunications company, working worldwide."

lg address

On its South Korean website, LG only has a general email form for submitting queries relating to its products. iTWire emailed the company's US office for comment but the email bounced, saying there was no such user.

Given that, iTWire has written to five individuals listed on the media contacts page, all of whom are for the US only, seeking comment.

An LG spokesman responded to iTWire's request, saying: "At LG, we take cyber security issues very seriously. We are looking into this alleged incident and will involve appropriate law enforcement agencies if there is evidence that a crime has been committed. To date, we have not received communication from any party taking responsibility for this supposed theft."

Said Callow: "The Maze group are criminal lowlifes, and criminal lowlifes are not noted for their honesty. Consequently, their claims should be taken with a pinch — no, make that a bucketful — of salt.

lg domain info

"Whether they actually have the data the claim to have in every case is very questionable. In some cases, it would certainly appear that they did not and were simply attempting to shake companies down by exaggerating — or outright lying — about the amount of data they had obtained in an attack, if there even was an attack."

lg hint


Subscribe to Newsletter here


Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.



It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.





Guest Opinion

Guest Interviews

Guest Research & Case Studies

Channel News