As February wraps up, we got news about the culmination of a major insider leak in South Korea and hints about several rumored data breaches in the Kingdom of Saudi Arabia. Let’s dive in!

The Criminal Division 25 of the Seoul Central District Court found Mr. Kim, a former employee of Samsung and China's ChangXin Memory Technologies (CXMT), guilty last week. He was sentenced to seven years in prison and a fine of $139 000 for leaking data about Samsung’s 18-nanometer process technology. It is the harshest penalty for an insider in Korea so far. Other co-conspirators were given less strict sentences.

According to sources, Mr. Kim secretly received files with data on semiconductor technology, which he copied and photographed. Soon after that, Mr. Kim moved to ChangXin Memory and used stolen data to improve the manufacturing process, including semiconductor atomic layer deposition technology. The investigation also accused Mr. Kim of the unauthorized access to and sharing of data from Samsung Electronics’ partners.

Samsung Electronics stated that Kim's actions resulted in substantial financial damage. Samsung Electronics invested around 1.6 trillion won ($1.1 billion) in the 18-nm DRAM technology, which is a national core technology.

At the current moment, China's ChangXin Memory Technologies take 5% of the DRAM market share. The company’s market share will grow up to 10% at the end of the year, according to the forecasts. CXMT emerged as a major competitor to other dominant DRAM market players, such as Samsung, SK Hynix, and Micron.

Insider threat is always a sizable risk for big companies. It has the potential to cause significant damage, both in financial and market aspects. Thus, protection of sensitive data is a must for any business body. One of the most threatening leak channels is the plain, straightforward approach of taking desktop photos by phone. An insider can open confidential documents, swiftly take a picture, and go away. It is extremely difficult to detect with classical data protection solutions.

This blind spot is covered by our Next-Gen internal threat protection platform—Risk Monitor. The solution is equipped with an in-built AI-powered tool to detect cases of desktop photographing. It will alert the security team if a document with sensitive information is opened and an endpoint user is trying to take a picture of it.

Another bunch of incidents happened in the Kingdom of Saudi Arabia. According to the rumors, two Saudi Arabian construction companies and several military officials fell victim to data breaches.

Baran Company Limited, a Saudi Arabian engineering contractor, leaked 22 GB of sensitive data. It is safe to assume that documents could potentially relate to electro-mechanical solutions and architectural work.

Al Bawani is a second victim. Al Bawani is a top-5 construction company specializing in commercial and industrial building, social infrastructure, and defense facilities. It has over 12 000 employees across all branches.

According to the rumors, criminals exfiltrated 6.96 TB of documents from the company’s storage, including:

• Clients information
• Projects data
• Employees records.

The company’s portfolio includes projects in the fields of light industries, IT projects, water and power facilities, medium and high voltage systems, etc. Thus, the rumored leak could potentially include a giant trove of sensitive information and data on critical infrastructure. This leak emphasizes the importance of robust and holistic cyber defense because malicious actors can cause not only financial damage but also disrupt the seamless workflow of critical facilities.

Another rumored incident affected Saudi Arabia's military structures and governmental bodies. Alleged criminals exfiltrated sensitive data from the email accounts of several military officials. Criminals put 590 GB of data on sale on the darknet. It is unknown if malicious actors stole credentials or got unauthorized access to the cloud storage linked with email accounts. There is no official statement regarding the rumored data leak.

Stolen data includes such sensitive information as:

• Internal communications
• Strategic documents
• Personnel records
• Technical specifications for critical infrastructure.

In the worst-case scenario, stolen data could be used to facilitate further attacks on the Kingdom’s digital infrastructure. Potentially, this incident could be one of the biggest data leaks since the 2021 Saudi Aramco breach.

The Kingdom of Saudi Arabia heavily invests in the information technology sphere, particularly in cybersecurity. Despite the KSA having around 20 000 cybersecurity specialists in the market, there’s still the situation of excess demand. To address the existing issues and fulfill market requirements, we developed Managed Security Services for internal threat mitigation. The service ensures comprehensive protection against the widest range of internal threats, ranging from data leaks and corporate fraud prevention to the revelation of systematic idleness. Perform the audit of your organization during the 30-day free trial.