Nvidia confirms that their proprietary information is being leaked by hackers
According to sources, Nvidia has confirmed that the company was recently hacked into and the malicious actors are leaking employee confidential information to the internet.
According to reports from PCMag, Bloomberg, and VideoCardz, the company confirmed having detected the breach on the 23rd of February. A spokesperson from the company also admitted that they do not ‘anticipate any disruption to business or our ability to serve our customers as a result of the incident.’
What’s more is that a popular hacking group, going by the name of Lapsus$ has come forward to own up and claim responsibility for the breach. Furthermore, the hacker group has communicated to Nvidia that they should make their drivers open-source, and pay up in cryptocurrency if they want to plug the leak.
However, Nvidia has responded in regards to the demands made by the hacker group by saying that they have notified the law enforcement authorities, and have made adequate updates and improvements to their security system. They also claim to currently be working with cybersecurity professionals closely in order to resolve this attack.
Lapsus$ claims to have hold of over a terabyte of Nvidia’s data, according to PCMag. As reported by The Verge, the hackers claim that their hardware folder alone is currently holding 250GBs of Nvidia’s data which includes information on “all recent Nvidia GPUs” and also RTX 3090 Ti.
It was also reported that in one of the earliest messages from Lapsus$, the group warned and threatened to leak the files they have if Nvidia doesn’t remove the limitations on its recent graphics card.
However, in a more recent message, however, Lapsus$ updated its demands, asking Nvidia to make its GPU drivers fully open-source, permanently, and giving the company time until Friday, the 3rd of March to decide.
It is no secret that Nvidia recently nerfed the new RTX 3080 and 3070 cards for crypto mining, labeling the new cards as ‘Lite Hash Rate’, or ‘LHR’. The new labels were to make potential customers aware that the new cards could not be used for crypto mining.
According to Nvidia, the new limits are supposed to make GeForce cards more accessible to gamers at better prices. The new RTX 3060 Ti, RTX 3070, and RTX 3080 are supposed to start shipping later this March, while the LHR identifier is all set to make its way to the retail product listings, as well as the box.
The new limits have been part of the company’s efforts to make the 30-series less appealing to crypto miners and more easily accessible to gamers—who they were meant for originally. PC gamers had been trying to get their hands on the graphic cards for many months with no success, mostly because they were all sold out after being bought by crypto miners.
Soon after Nvidia confirmed that they were trying to work through the attack and resolve issues, there was speculation that the attack could be connected to the conflict between Russia and Ukraine, since the breach occurred a day before the Russian invasion of Ukraine, and that there was a possibility of ransomware being involved.
However, the company responded to the speculation by saying, “We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict”
While experts and Nvidia explore the implications of the attack, TechPowerUp has reported that Lapsus$ has started uploading a 19GB archive to the internet. This archive includes information regarding Nvidia’s software, along with the source code to the company’s frame-rate boosting DSS tech.
According to The Verge, Head of Threat Analysis at dark web intelligence, Toby Lewis commented that the Lapsus$’s previous targets and the almost-native command of Spanish and Portuguese languages point toward the group being of South American origin.
Furthermore, he also admitted that Lapsus$ is incredibly secretive, and that it feels like their attack on Nvidia could be them taking advantage of the Russia-Ukraine situation, and that it doesn’t feel like it was motivated by any personal interest or connections to Russia or its government.