Cyber Incident Victim: Samsung Electronics
Date: Jan 2023
Location: South Korea
Summary
Samsung Electronics is investigating claims of a cyberattack targeting internal systems in South Korea, including an employee platform, intranet, and file transfer service, allegedly conducted by the Genesis Day hacker group. The attackers threatened to leak business data from the company's French operations, with the breach purportedly motivated by South Korea's diplomatic engagement with NATO. This follows previous breaches where extortion groups compromised systems, resulting in theft of sensitive information such as smartphone source code and customer data including names, contact details, and birth dates from U.S.-based operations.
Description
On January 17, 2023, Samsung Electronics initiated an investigation into claims by a hacking group known as "Genesis Day" that it breached the company’s internal systems in South Korea. The group asserted it compromised Samsung’s internal File Transfer Protocol (FTP) service, employee platform, and corporate intranet, attributing the attack to South Korea’s recent establishment of a NATO liaison office. Genesis Day threatened to leak business data from Samsung’s operations in France but provided no immediate evidence to substantiate its claims. A Samsung spokesperson acknowledged awareness of the online posting and stated they were verifying its validity. Cybersecurity monitoring account FalconFeedsio documented forum posts by an unidentified user detailing the alleged breach, which circulated on hacker forums and social media. This incident followed two confirmed breaches in 2022: one in March involving the Lapsus$ extortion group, which stole source code related to Galaxy smartphones, and another in late July affecting U.S. customer data, discovered internally on August 4.

In the September 2022 breach, Samsung notified customers that unauthorized actors accessed U.S. systems, compromising names, contact details, demographic information, birthdates, and product registration data. The company engaged external cybersecurity experts and law enforcement following that incident. The 2023 Genesis Day claims remained unverified at the time of reporting, with Samsung providing no further details on potential data exposure or operational disruptions. Historical breaches demonstrated persistent targeting of Samsung’s infrastructure, though the scope and success of the January 2023 incident were not independently confirmed. The company’s public response adhered to prior protocols of acknowledging claims, initiating internal reviews, and collaborating with external partners without disclosing mitigation specifics.
