Cyber Incident Victim: Advanced Micro Devices
Date:
Dec 2019
Location:
United States of America
Summary
A hacker using the alias "Palesa" stole source code files related to several graphics processing units, including current and upcoming architectures such as Navi 10, Navi 21, and Arden—the latter associated with Microsoft's next-generation Xbox console. The perpetrator leaked portions of the data on GitHub, which were subsequently removed following a DMCA takedown request, and attempted to sell the remaining files, claiming a $100 million valuation while receiving lower offers. The company confirmed the breach and initiated an investigation with external experts and law enforcement, downplaying the incident's significance by asserting the stolen intellectual property was not core to product competitiveness or security.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In December 2019, AMD was contacted by an individual using the alias "Palesa," who claimed possession of stolen test files related to AMD's current and future graphics products. The hacker specifically referenced source code files associated with GPU architectures including Navi 10, the upcoming Navi 21, and Arden—the latter identified as the codename for the GPU intended for Microsoft's Xbox Series X console. AMD confirmed that some stolen files had been briefly posted online but were subsequently removed. The company initiated an investigation with external cybersecurity experts and collaborated with law enforcement agencies to assess the breach. AMD publicly stated that while the perpetrator possessed additional unreleased files, the compromised intellectual property did not constitute core technology critical to the competitiveness or security of its graphics products. The organization further asserted it had no evidence suggesting the hacker obtained other AMD IP beyond the disclosed graphics-related materials.
Palesa claimed to have acquired the files directly from AMD and attempted to monetize the theft by soliciting buyers, reportedly receiving offers between $50,000 and $100,000—values he rejected while asserting the source code's worth at $100 million. As part of these efforts, the hacker publicly shared portions of the stolen data on GitHub, prompting AMD to file a Digital Millennium Copyright Act (DMCA) takedown request that resulted in the repository's removal. Technology outlet TorrentFreak identified links to external file-hosting platforms containing archives purportedly holding the stolen content but refrained from downloading or verifying the materials due to their potentially illicit origin. AMD maintained its position that the incident posed no material risk to its product roadmap or business operations, emphasizing the non-core nature of the exposed IP throughout its communications. No further disclosures regarding law enforcement outcomes, financial impacts, or subsequent unauthorized data releases were confirmed in the available reporting.