Chinese Hackers Hit Corporate Network of Samsung’s Mobile Payment Subsidiary

LoopPay, a U.S. division of the South Korean electronics giant, was attacked by a group of government-affiliated Chinese hackers. The data breach occurred before the subsidiary’s technology became the core of Samsung’s new mobile payment system.

As early as March, the attacker breached the computer network of LoopPay, which was acquired by Samsung in February.

LoopPay did not learn of the intrusion until late August, when researchers came across LoopPay’s data while tracking the suspected hacker ring, called the Codoso Group, during a separate investigation.

LoopPay executives said the hackers appeared to have been after the company’s technology, known as magnetic secure transmission, or MST. That technique is key to the Samsung Pay mobile payment wallet that made its public debut in the United States last week.

The Codoso Group is known for maintaining a hidden grip on its victims’ systems. Security experts say the group’s strategy is to plant hidden backdoors across victims’ systems so that they continue to infiltrate their networks long after the initial breach.

An investigation into the incident is ongoing. So far there is no indication that the hackers infiltrated Samsung’s systems or that consumer data has been exposed.

But, according to the Times, “two people briefed on the investigation, as well as security experts who have been tracking the Codoso hackers as they have targeted hundreds of victims around the world, said it would be premature to say what the hackers did and did not accomplish since they were discovered in August.”

Samsung introduced Samsung Pay in the United States 38 days after LoopPay learned it had been breached. On average, it takes 46 days before an attack by hackers can be fully resolved, according to the Ponemon Institute.