We recently shared here on the blog the news about the attack Nvidia suffered at the hands of "LAPSUS$", an extortion group in South America that illegally infiltrated Nvidia's mail server and installed malware on the software distribution server.
As a result, the hacker group allegedly exfiltrated over 1TB of data from Nvidia and threatened to release sensitive information if the company does not commit to open source drivers.
The LAPSUS$ hacker group asked NVIDIA to release its drivers for Windows, macOS, and Linux as open source. If NVIDIA does not respond favorably to this request, the group threatens to release chipset files, graphics, and silicon information for existing and future GPUs.
But it seems that Nvidia has identified the attackers. According to a Twitter post by Vx-underground, backed up by screenshots, the chip manufacturer infected the perpetrators' system with ransomware and encrypted the stolen data in response to the attack.
However, the hacker group claimed that they have a backup of the data.
At the time this information was leaked to the media, it was unclear whether the attack itself forced Nvidia to take its systems offline or whether the company proactively terminated access to quell the threat; either way, Nvidia's messaging systems and development tools were made inaccessible for several days.
According to company sources, Nvidia's internal systems were "completely compromised." Unfortunately, there were no additional concrete details on the scope of the cyberattack or whether Nvidia had fallen victim to ransomware. It was also unclear to the media whether sensitive information stored on Nvidia's servers was accessed during the reported intrusion.
For its part, an Nvidia spokesperson issued a brief statement confirming the report:
“We are investigating an incident. We have no additional information to share at this time.”
Some observers have drawn parallels between the timing of the Nvidia cyberattack and Russia's military action in Ukraine; they speculated that Russian entities could target American and Western companies following sanctions imposed by their respective countries.
In a somewhat interesting turn of events, the “Anonymous” hacker group has apparently declared cyber warfare on the Russian government:
“We are Anonymous. We removed the Kremlin website in support of #OpRussia. Let me know if it appears again… We support the Ukrainian people. We are legion.”
This is not the first time that Nvidia has been attacked by cybercriminals. The chipmaker, along with a list of major corporations including Intel, fell victim to the SolarWinds hack in 2020.
“The LAPSU$ extortion group, a group operating in South America, claims to have broken into NVIDIA systems and exfiltrated more than 1TB of proprietary data. LAPSU$ claims NVIDIA was hacked and says NVIDIA successfully attacked their machines using ransomware”
However, it is not every day that we see companies taking matters into their own hands, as most victims entrust the case to the authorities. Nvidia, by contrast, appears to have been more proactive and launched a cyberattack against the hackers. Unfortunately, if the group's claim to have a backup is valid, Nvidia's efforts may have been in vain.
It is also worth remembering that the hacker group initially asked Nvidia to remove the Lite Hash Rate (LHR) limiter from the GeForce RTX 3000 cards. If NVIDIA refuses, the group could reveal sensitive data related to the Falcon, a chip found in all NVIDIA graphics cards that manages many functions, some of which are security-related.
The group has the data to remove the limiter, but they want the operation to come directly from NVIDIA. Since then, the hacker group has put the LHR circumvention system up for sale for $XNUMX million plus a percentage.