AMD admits hacker stole source code files related to its GPUs

AMD admitted that a hacker has stolen files related to some of its graphics products, but it downplayed the potential impact of the hack.

AMD admitted that a hacker that goes online with the moniker “Palesa” has stolen source code files related to some of its graphics products, but it downplayed the potential impact of the hack.

The hacker claims to have obtained files related to several AMD graphics processing units (GPUs), including the Navi 10 architecture and the upcoming Navi 21, and Arden.

Arden is believed to be the codename for the GPU that will be used in Microsoft’s next-gen Xbox Series X console.

“In December 2019, we were contacted by someone who claimed to have test files related to a subset of our current and future graphics products, some of which were recently posted online, but have since been taken down,” reada a statement published by AMD.

“While we are aware the perpetrator has additional files that have not been made public, we believe the stolen graphics IP is not core to the competitiveness or security of our graphics products. We are not aware of the perpetrator possessing any other AMD IP.”

The company launched an investigation with the help of external experts, it is also working closely with law enforcement.

Palesa claims to have stolen the files directly from AMD, he plans to sell them to the highest bidder, he claims to have already received offers between $50,000 and $100,000. The offers are not enough for the hacker, he told TorrentFreak that he valued the source at $100M

Palesa also shared some of the stolen files on GitHub, but they were quickly removed as a result of a DMCA takedown request filed by vendor.

“The alleged leaker further told us that one “source code packet” had already been released. Whether that is limited to the material made available via Github remains unclear but TF was able to find links to a file-hosting site where an archive claiming to be the content was stored.” concludes TorrentFreak. “Given the potentially criminal route via which the content was obtained, we did not download the package.”

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – AMD, data leak)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.