Cyber Incident Victim: LG Electronics
Date: Jun 2020
Location: South Korea
Summary
Maze ransomware operators claimed responsibility for breaching a South Korean multinational electronics company, stealing approximately 40GB of proprietary Python source code related to projects involving major U.S. firms. The attackers threatened to leak the stolen data unless contacted, providing screenshots of file listings, Python repositories, and firmware archives as proof of compromise. Initial access may have exploited a known vulnerability (CVE-2019-19781), though the victim did not publicly acknowledge the incident despite repeated media inquiries. The ransomware group maintained its pattern of exfiltrating and publishing sensitive information when ransom negotiations failed.
Description
On June 24, 2020, Maze ransomware operators publicly claimed responsibility for breaching LG Electronics' network through a post on their data leak site. The attackers announced they had stolen proprietary information, including 40GB of Python source code related to LG projects involving major U.S. companies. Maze threatened to release portions of the stolen source code unless LG contacted them that day, following their established pattern of publishing victim data when ransom demands went unmet. As proof of the breach, the group published screenshots showing a file listing from a Python code repository, a split archive of a .KDZ file (LG's proprietary firmware format), and Python code snippets from an email forwarding project associated with LG's lgepartner.com domain. The attackers specifically referenced developments for prominent U.S. corporations within the stolen materials but did not identify specific partner companies.

BleepingComputer attempted to verify the claims through multiple LG Electronics email contacts starting June 24 but received no response by publication time on June 25. One media inquiry email bounced back with an automated message stating the recipient address didn't exist. While Maze asserted they obtained source code through the breach, LG did not publicly confirm the incident's validity or scope. The attackers suggested the initial compromise vector might have been CVE-2019-19781, a critical vulnerability in Citrix appliances, though no forensic evidence was provided to substantiate this claim. Maze maintained their operational pattern of escalating data leaks when negotiations failed, positioning the LG intrusion as part of their broader ransomware campaign targeting corporate networks. The incident highlighted concerns about exposure of proprietary development projects and potential supply chain implications through compromised partner domains.
