Nvidia has confirmed that the Lapsus hacking group breached its systems, after the hackers made additional demands. The chipmaker came under cyber attack a few days ago, though the attack had not been confirmed at the time. Nor had it been confirmed whether the hackers had managed to breach the computer systems and steal company data.
According to an Nvidia spokesperson, “On February 23, 2022, Nvidia became aware of a cyber security incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cyber security incident response experts, and notified law enforcement. We have no evidence of ransomware being deployed on the Nvidia environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information.”
He further explained, “We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident. Security is a continuous process that we take very seriously at Nvidia – and we invest in the protection and quality of our code and products daily.”
LAPSU$ extortion group, a group operating out of South America, claim to have breached NVIDIA and exfiltrated over 1TB of proprietary data.
LAPSU$ claims NVIDIA performed a hack back and states NVIDIA has successfully ransomed their machines
— vx-underground (@vxunderground) February 26, 2022
Lapsus hacking group behind the incident
The Lapsus hacking group has taken responsibility for the Nvidia cyberattack. It has published candid updates about its operations via its Telegram channel, and on Tuesday these included download links for the first part of the 1TB cache of documents it said it stole from Nvidia.
Later on Tuesday evening, the group posted yet another update, this time making a demand of Nvidia.
The post mentioned, “We request that NVIDIA commits to COMPLETELY OPEN-SOURCE (and distribute under a foss license) their GPU drivers for Windows, macOS, and Linux, from now on and forever.”
This is the Lapsus hacking group's latest demand. If it is not met, the group has threatened to release the full set of files it has on the most recent and future models of the company’s flagship graphics cards.
Nvidia has been asked to make the drivers for its graphics cards open source forever or lose access to the trade secrets LAPSU$ said it has stolen from the company.
According to the Lapsus hacking group, it wants to help the gaming and cryptocurrency mining community. The group claims to have key information related to Nvidia’s lite hash rate (LHR), a technology that aims to reduce a graphics card’s ability to effectively mine cryptocurrency while preserving gaming performance.
The Lapsus hacking group further added they have the source code to the files related to the LHR. They said they will not release anything that “may brick any card”, but said, “any developer with a good brain can compile what we gave you [in part 1 of the leak]”.
The group additionally revealed that it has a piece of software that could bypass LHR, which it has no plans to sell for cheap. Earlier, Nvidia had refused to share information about what type of data had been stolen or who was behind the hack.
The Lapsus hacking group is using double extortion tactics, which are increasingly used by numerous ransomware gangs. The hackers compromise the victim and steal their data before encrypting their machines, then threaten to leak the valuable information they have if the ransom is not paid.
This puts further pressure on the victim to pay the ransom, although most security experts advise against paying. According to Europol, there has been a rise in double extortion tactics in the past year, and Mandiant said one in seven cases results in critical data being leaked.