Nvidia confirms breach, proprietary data leaked online

Nvidia confirmed some of the claims made by a ransomware group that said it compromised the chipmaker's corporate network and stole proprietary data.

The graphics card giant said in a statement to SearchSecurity that it had suffered a cyber attack last week, but normal operations and company activity were not impacted.

"On February 23, 2022, Nvidia became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement," the company said. 

"We have no evidence of ransomware being deployed on the Nvidia environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident."

Nvidia's confirmation came after a Telegraph report Friday that claimed a cyber attack had disrupted some operations for two days. Later, a group known as Lapsus$ claimed it had compromised Nvidia's networks. While Nvidia confirmed last week that it was looking into the incident, it did not provide any confirmation of an attack or provide information on the breach until after the weekend.

The relatively unknown Lapsus$ group said it stole roughly 1 TB worth of data that included details about the development of upcoming product releases.

As part of its ransom demand, the group demanded Nvidia remove LHR (lite hash rate), a firmware modification that throttles the GPU's ability to perform the calculations used to mine cryptocurrency with the aim of discouraging miners from stockpiling graphics cards in the midst of a GPU shortage.

The hackers have since begun leaking some of the pilfered data.

Lapsus$ also raised eyebrows when it accused Nvidia of countering the network intrusion with a hack of its own against the ransomware gang. According to the Lapsus$ crew, someone working for or acting on behalf of Nvidia had used remote administration tools to trace down the system used by the ransomware gang. Lapsus$ claimed that its system was then infected with a different piece of ransomware as an act of revenge. The group said that the infected system was in fact a VM, which contained the stolen Nvidia data and had already been backed up.

Nvidia did not comment on the allegations.

Authorities and many infosec experts have long discouraged companies from trying to "hack back" against ransomware attackers, as such activity can cause collateral damage to innocent parties and place the company at risk of legal problems of its own.