A few days ago, a group of hackers by the name of “Lapsu$” claimed responsibility for a huge hack into Nvidia’s information system, with the theft of a terabyte of sensitive data. The graphics card manufacturer has now confirmed this malicious act.
“On February 23, 2022, Nvidia became aware of a cybersecurity incident that impacted its computing resources. Shortly after discovering the incident, we further bolstered our network, hired cybersecurity incident response experts, and briefed law enforcement.
We have no evidence that ransomware is deployed on the Nvidia environment or that it is related to the Russian-Ukrainian conflict. However, we are aware that the threat actor took employee credentials and certain Nvidia proprietary information from our systems and began leaking them online.
Our team is working on analyzing this information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident,” explains the American company in a statement sent to the press.
Lapsu$ is a group of South American cybercriminals specializing in ransomware. At the beginning of January, these hackers attacked media outlets of the Portuguese group Impresa.
In the case of Nvidia, they reportedly contented themselves with stealing data. In messages posted on Telegram, they explain that they were able to siphon data from Nvidia's information system for more than a week and retrieve "diagrams, drivers, firmware, etc."
The American company obviously tried to defend itself, but without success. The hackers say they were able to access its information system through an employee's VPN account. This presupposes that the machine used by the hackers was enrolled in the company's mobile device management (MDM) system.
After noticing the intrusion, Nvidia administrators reportedly used this software to try to limit the damage.
“With that, they were able to connect to a virtual machine that we were using. Yes, they successfully encrypted the data, but we have a backup,” the hackers explain in a message.
LAPSU$ extortion group, the South American group who recently claimed to exfiltrate 1TB of data from NVIDIA and also claimed to have been “hacked back” by NVIDIA, has addressed the rumors and speculation.
Initially LAPSU$ claimed NVIDIA deployed ransomware, here is the truth pic.twitter.com/bPSXgMUlgZ
— vx-underground (@vxunderground) February 27, 2022
Lapsu$'s demands are not very clear. At first, the hackers simply seemed to want to monetize the data stolen from Nvidia.
Then the group started to focus on the community of cryptocurrency miners. They demand that the American company remove Lite Hash Rate (LHR) technology from its graphics cards. LHR caps the computing power available for mining and was introduced in May 2021 on certain cards in order to prevent miners from hogging them at the expense of gamers.
Lapsu$ promises an anti-LHR patch
However, it is unclear whether this objective has been met. The first version of LHR may have been disabled, due to an accidental update by Nvidia. The current version works, but obviously not well enough to discourage miners from buying these protected cards.
Moreover, it is not clear whether LHR works with all blockchain algorithms.
Be that as it may, Lapsu$ promises to soon sell a patch that bypasses LHR without the need for a hardware update (flash).
“But don’t expect to get it for 10 dollars,” the hackers stress.
More recently, the hackers issued an additional demand. They want Nvidia to release the source code for all of its GPU card drivers, whether for Windows, Mac, or Linux.
If the company doesn't comply by next Friday, March 4, they will release all files related to chipsets for the latest graphics cards and upcoming revisions. These are trade secrets that Nvidia will not wish to see in the wild. However, it is hard to see Nvidia bending the knee to these thugs…
Source: Bleeping Computer