Nvidia confirms breach, proprietary information leaked online
Nvidia has confirmed some of the claims from a little-known ransomware gang that allegedly broke into the network of the GPU giant and stole corporate data.
Nvidia confirmed some of the claims made by a ransomware group that said it compromised the chipmaker’s corporate network and stole proprietary data.
The graphics card giant said in a statement to SearchSecurity that it had suffered a cyber attack last week, but normal operations and company activity were not impacted.
“On Feb 23, 2022, Nvidia became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement,” the company said.
“We have no evidence of ransomware being deployed on the Nvidia environment or that this is related to the Russia-Ukraine conflict. Nevertheless, we are aware that the threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online. Our team is working to clarify that information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident.”
Nvidia’s confirmation came after a Telegraph report Friday that claimed a cyber attack had disrupted some operations for two days. Later, a group known as Lapsus$ claimed it had compromised Nvidia’s networks. While Nvidia confirmed last week that it was looking into the incident, it did not provide any confirmation of an attack or provide data on the breach until after the weekend.
The relatively unknown Lapsus$ group said it stole roughly 1 TB worth of information that included details about the development of upcoming production releases.
As part of its ransom demand, the group demanded Nvidia remove LHR (lite hash rate), a firmware modification that throttles the GPU’s ability to perform the calculations used to mine cryptocurrency with the aim of discouraging miners from stockpiling graphics cards in the midst of a GPU shortage.
The hackers have since begun leaking some of the pilfered data.
Lapsus$ also raised eyebrows when it accused Nvidia of countering the network intrusion with a hack of its own against the ransomware gang. According to the Lapsus$ crew, someone working for or acting on behalf of Nvidia had used remote administration tools to track down the system used by the ransomware gang. Lapsus$ claimed that its system was then infected with a different piece of ransomware as an act of revenge. The group said that the infected system was in fact a VM, which contained the stolen Nvidia data and had already been backed up.
Nvidia did not comment on the allegations.
Authorities and many infosec experts have long discouraged companies from trying to “hack back” against ransomware attackers, as such activity can cause collateral damage to innocent parties and place the company at risk of legal problems of its own.