(Photo Illustration by Omar Marques/SOPA Images/LightRocket via Getty Images)
Nvidia has confirmed that hackers stole data from the company during last week's breach.
“We are aware that the threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online,” the company said in a statement.
Nvidia didn’t specify what was stolen. But the group behind the breach, LAPSUS$, claims it looted 1TB of data, including files about Nvidia hardware and software. The hackers are now demanding the company pay up in cryptocurrency to keep the data secret. However, LAPSUS$ told us Nvidia has yet to reach out.
Nvidia says it became aware of the intrusion on Wednesday, Feb. 23, which prompted the GPU maker to notify law enforcement and tap cybersecurity experts to help it respond to the attack.
The breach occurred a day before the Russian invasion of Ukraine, which prompted some observers to wonder if the intrusion was connected to Russian state-sponsored hackers. However, Nvidia said: "We have no evidence of ransomware being deployed on the Nvidia environment or that this is related to the Russia-Ukraine conflict." LAPSUS$ has also denied any affiliation with a state-sponsored hacking group.
Nvidia is now working to analyze what information LAPSUS$ has been leaking on the internet. "We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident," the company added.
LAPSUS$ has already started leaking a 19GB archive that allegedly contains information about Nvidia’s software, including the source code to the company’s frame-rate boosting DLSS technology, according to TechPowerUp.
At the same time, the hacking group claims it possesses a GPU driver capable of unlocking Nvidia’s Etherem mining limiter on the company’s RTX 3000 graphics cards. The group is now hoping to sell it to interested buyers.
LAPSUS$ also alleges Nvidia successfully encrypted one of the hacking group’s computers during the group’s effort to exfiltrate the data from the company. Nvidia has yet to confirm this. However, a source familiar with the matter said Nvidia did not hack LAPSUS$ or plant malware on their computers in retaliation.
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
