NVIDIA confirms the attack and data theft

NVIDIA has confirmed the attack and the theft of proprietary information, some of which has already been posted online by the Lapsus$ group.

NVIDIA confirmed that it suffered a cyber attack last week and that some proprietary information has been posted online. Responsibility was claimed by the Lapsus$ group. The cybercriminals have already shared around 20 GB of data and threatened to release the tool that disables the hash rate limiter on GeForce GPUs.

Data theft with extortion

The intrusion into the internal network took place on 23 February. NVIDIA immediately contacted law enforcement and hired security experts to address the threat. The Californian company denied a ransomware attack, but confirmed the theft of employee credentials and proprietary information, some of which has already gone online.

The Lapsus$ group reported on Telegram that it had stolen 1 TB of data, including firmware, drivers and development tools. Having received no response from NVIDIA, the cybercriminals posted about 20 GB of data yesterday on a site hosted by AWS (Amazon Web Services). NVIDIA subsequently asked for the site to be shut down, so the data was distributed via Torrent. The RAR archive also includes the source code of DLSS (Deep Learning Super Sampling) technology.

The gang also wants to sell the tool that disables the Lite Hash Rate, the performance limiter that prevents the power of the GeForce RTX 30 GPUs from being used to mine cryptocurrencies. If NVIDIA releases firmware that removes any limitations, the cybercriminals will not publish the hardware information. The Lapsus$ group asks to be contacted to avoid the sharing of other data. However, the sum of the "ransom" is not known. The attack has no correlation with the ongoing cyber war between Russian and Ukrainian hackers.

Cyberattack against NVIDIA, but it's not the Russians' fault (update)

NVIDIA has confirmed that it suffered a cyber attack, but this is not the Russian response to the sanctions imposed by the US government.

For two days, some NVIDIA systems have been offline following a cyber attack. The news published by the Telegraph was confirmed by the Californian company. According to Bloomberg, the cybercriminals used ransomware. However, there does not seem to be any correlation with the Russian invasion of Ukraine.

Cyberattack on NVIDIA

According to information received by the Telegraph from an insider, the attack was carried out two days ago. Email servers and developer tools were taken out of use after an intrusion into the internal network. It is not known at the moment whether confidential data or anything else has been stolen. The spokesman for the Californian company, Hector Marinez, said: "We are investigating the accident. Our business activities continue without interruption. We are still working to assess the nature and extent of the event and at the moment we have no further information to share."

The date of the attack coincides with that of the Russian invasion, but there are no indications of possible links with the war in Ukraine. Some have speculated that the cyber attack against NVIDIA represents retaliation for the sanctions imposed by the US government. President Joe Biden had stated that the United States will respond strongly to any cyberattacks against companies and critical infrastructures. Alejandro Mayorkas, Secretary of Homeland Security, had warned US companies about potential cyber attacks. NVIDIA is the world's leading GPU manufacturer and the chipmaker with the largest market capitalization in the United States (approximately $600 billion).

Update (02/27/2022): the attack was claimed by the Lapsus$ group, which claims to have stolen 1 TB of data, including employee credentials. NVIDIA paid no ransom, but in turn attacked the cybercriminals with ransomware with the aim of erasing the data (unsuccessfully, because the group had a backup).