An alleged Chinese state-sponsored hacker ring known as the Codoso Group or Sunshock Group apparently breached the corporate computer network of LoopPay Inc. starting as early as March 2015. The Massachusetts-based subsidiary of Samsung Electronics Co. Ltd. is the developer of magnetic security transmission (MST) technology, a core component in the new Samsung Pay mobile wallet released in the United States Sept. 28, 2015.
According to a report published in The New York Times on Oct. 7, LoopPay became aware of the intrusion in late August when an unnamed group discovered LoopPay data while investigating the Codoso Group in a separate breach incident. Earlier this year, the group was linked to a multistage, malicious code attack on the Forbes.com LLC website, which infected the computer systems of site visitors. On Aug. 28, LoopPay hired two private forensics teams to investigate the breach.
LoopPay said it appears the hackers may have been seeking inside information about the MST technology itself. Key executives from LoopPay and Samsung indicated they were confident the infected machines had been isolated and that customer payment data and personal devices were not exposed in any way.
"Samsung Pay was not impacted, and at no point was any personal payment information at risk," said Samsung Chief Privacy Officer Darlene Cedres in a statement. "This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network. The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay."
Security experts tracking the Codoso hackers told The New York Times that, with the investigation still unfolding, it is premature to estimate the extent of damages to LoopPay; this particular group is known for planting hidden back doors that, in previous attacks, continued to infiltrate networks long after the breach.
Lucas Zaichkowsky, Enterprise Defense Architect at AccessData, agreed that once cybercriminals have done the initial footprint and reconnaissance of the company they wish to target, an intrusion can escalate quickly after the initial entry, especially when they gain access to privileged credentials.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.