Hackers stole source code of future Xbox and AMD products; $100M USD ransom demanded

The most important technology companies are also exposed to hacking. A group of security testing course experts mentions that, over the past few days, an unidentified hacker leaked some snippets of the Xbox Series X console’s graphics processing unit (GPU) code, as well as some nearby AMD products to be released on the Market. The stolen material was posted to a GitHub repository.

In this regard, AMD has already begun taking appropriate legal action against GitHub repository drivers (xxXsoullessXxx), pointing to multiple violations of the Digital Millennium Copyright Act (DMCA). The platform immediately deleted the repository in question, and published a press release referred to: “This repository contains intellectual property that was unlawfully obtained from AMD”. Unofficially, some enthusiasts said hackers demanded a millionaire ransom.

According to security testing course experts, days later the person responsible for the attack reappeared. The alleged hacker claims to be a young woman who, without revealing further details, contacted a website specializing in cybersecurity news to reveal her crime, further claiming to have valued the stolen code at around $100 million USD. The hacker mentioned that in case AMD didn’t make a payment for this amount, it would filter all the code on the Internet.  

“A few months ago I found the source code for these products on a compromised server,” the hacker said. “This information was on an exposed server that I was able to access using some exploits. Needless to say, the security of this system was very poor, which is very bad for a company like this.” Finally, the hacker mentioned that the stolen code is part of the Navi 10, Navi 21, and Arden GPUs, the code name of the Xbox Series console’s graphics processing chip, which will be released this year.

A group of security testing course experts claims to have detected a trace left by the hacker, although they did not download the code, as this could cause them legal problems. They also mentioned the existence of four other repositories that have already been deleted.

While AMD has already acknowledged the incident, the company does not appear to be giving the matter the importance. According to the International Institute of Cyber Security (IICS), this could be because the firm considers that the material exposed does not contain critical data. It should be noted that this is not the first time AMD must deal with similar incidents.