Cyber Threat Actor: Palesa
| Actor Type | Location | Known Incidents |
Criminal
|
China
|
1 incident |
|---|
Profile
The threat actor known by the alias Palesa has been publicly linked to a December 2019 intrusion against Advanced Micro Devices (AMD) in which source code files for several graphics processing unit architectures were allegedly taken, according to AMD’s own admission and subsequent media coverage. The actor is reported to be based in China, although no further geographic details such as city or specific organizational ties have been confirmed in open sources. According to AMD’s statement and subsequent reporting, Palesa claimed to have obtained files related to the Navi 10, Navi 21, and Arden GPU designs, the latter associated with Microsoft’s upcoming Xbox Series X console and referenced in internal roadmaps. The stolen material was initially posted on GitHub, prompting a DMCA takedown request filed by AMD that resulted in the removal of the public repositories. The actor also asserted possession of additional, non‑public files and attempted to monetize the data by offering it for sale to interested parties. In communications with TorrentFreak, Palesa stated that offers received ranged from $50,000 to $100,000 but claimed a personal valuation of $100 million for the source code, indicating a discrepancy between market offers and the actor’s own assessment. AMD acknowledged the breach, launched an investigation with the assistance of external experts and law enforcement, and maintained that the stolen intellectual property was not core to its product competitiveness or security posture.
The incident represents the only publicly documented operation attributed to Palesa, and it illustrates a targeting pattern focused on high‑value technology assets within the semiconductor sector, as evidenced by the theft of GPU source code from a major chip manufacturer. The actor’s stated intention to sell the stolen source code indicates a financially motivated objective, as explicitly noted in the actor’s own remarks about seeking compensation for the data and attempting to negotiate a price. No specific malware families, initial access vectors, or tooling techniques have been disclosed in the available reporting, so no technical TTPs can be inferred from the source material regarding how the intrusion was achieved. Likewise, public sources do not establish any state affiliation, criminal consortium, or broader campaign linkage for Palesa beyond this single episode, leaving the actor’s broader associations unverified. Consequently, the profile is limited to the confirmed facts of the alias, the known location, the AMD GPU source code theft, the attempted financial gain, and the absence of further detail on methods or associations, ensuring that only verifiable information is presented.
