NVIDIA admits that sensitive information has been stolen by hacking groups, threatening to 'remove GPU mining restrictions'



NVIDIA, a major American semiconductor maker, admitted that some confidential information was stolen after being targeted by a ransomware attack in February 2022. The hacking group ' LAPS S $ ' that launched the attack asked NVIDIA to pay the ransom in virtual currency, opened the driver for Windows, macOS, Linux, and limited the mining performance set in the GPU. Is required to be abolished.

Nvidia Confirms Company Data Was Stolen in Hack | PCMag

https://www.pcmag.com/news/nvidia-confirms-company-data-was-stolen-in-hack



Hackers now demand NVIDIA should make their drivers open source or they leak more data --VideoCardz.com
https://videocardz.com/newz/hackers-now-demand-nvidia-should-make-their-drivers-open-source-or-they-leak-more-data

Hacking group threatens to leak NVIDIA GPU driver and firmware data, already selling GA102 / 104 LHR algorithm bypass --VideoCardz.com
https://videocardz.com/newz/hacking-group-threatens-to-leak-nvidia-gpu-driver-and-firmware-data-already-selling-ga102-104-lhr-algorithm-bypass

NVIDIA DLSS Source Code Leaked | TechPowerUp
https://www.techpowerup.com/292479/nvidia-dlss-source-code-leaked

Nvidia Hackers Threaten to Release Mining-Limiter Killer | Tom's Hardware
https://www.tomshardware.com/news/nvidia-hackers-threaten-to-release-lhr-performance-limiter

On February 23, 2022, NVIDIA noticed that someone had invaded the network and began notifying law enforcement agencies and responding by cyber security experts. Since this cyber attack was carried out the day before Russia's invasion of Ukraine, there was a view that it was the work of hackers related to Russia, but so far the cyber attack is said to be related to Russia. No evidence found. He also claims that the hacker group LAPSUS $, which has announced that it has launched an attack, is a group that operates mainly in South America, and that LAPSUS $ itself is not related to any particular nation.

LAPSUS $ claims that NVIDIA also hacked against their hack and encrypted one LAPSUS $ computer. However, NVIDIA does not admit that it has hacked back, and NVIDIA has not hacked or infected LAPSUS $ with LAPSUS $, according to sources contacted by tech media PCMag. That is.

There is also a report that 'NVIDIA counterattacked with a ransomware attack' after NVIDIA was damaged by a ransomware attack --GIGAZINE


by NVIDIA Corporation

'We are aware that threat actors have acquired employee credentials and some NVIDIA sensitive information and have begun to leak online,' NVIDIA said in a statement on March 1. Admitted that the hacker group stole sensitive information. NVIDIA itself did not reveal details of the stolen information, but LAPSUS $ claims to have stolen as much as 1TB of data about hardware and software.

The data that LAPSUS $ claims to have stolen includes product schematics, drivers, firmware, documentation, internal tools, software development kits (SDKs), and the microcontroller 'Falcon' built into NVIDIA GPUs. Contains all information and more. LAPSUS $ demands that you pay the ransom in virtual currency if you do not want to leak these data, but at the time of writing the article, there is no contact from NVIDIA. According to TechPowerUp, a technology media, LAPSUS $ has already begun to leak some confidential information such as the source code of the technology ' DLSS ' that achieves both image quality and frame rate.

Also, according to a Telegram chat obtained by tech media VideoCardz.com, LAPSUS $ is also requiring NVIDIA to open source all GPU drivers for Windows, macOS and Linux. .. If this request is not accepted, we are threatening to release data on the top flagship GPU, the RTX 3090 Ti and unreleased models.



In addition, LAPSUS $ is selling data to the community mining cryptocurrencies that can bypass the 'Lite Hash Rate (LHR)' that limits the mining performance of GA102 and GA104 installed in NVIDIA GPUs. We have also announced that. NVIDIA

sells LHR models with limited mining performance in order to prevent GPUs from spreading to gamers due to increased demand for GPUs for mining purposes, but LHR models are also mined due to the outflow of technology that bypasses LHR. May be used for.

In addition to this, LAPSUS $ is asking NVIDIA to remove LHR instead of exposing a folder called 'hw folder' that contains a lot of data. In this regard, tech media Tom's Hardware claims that 'LAPSUS $ will sell unlockers (of LHR) in a lineup that includes most of NVIDIA's RTX 3000 series, but why did it release the mining limiter to NVIDIA itself? This could question the legitimacy of LAPSUS $'s claim. '

In addition, NVIDIA is currently working on an analysis of what information LAPSUS $ has leaked to the Internet. As a result of this incident, it will hinder the provision of services to our business and customers. I don't expect it. '

・ Continued
Signed certificate data leaked from NVIDIA and multiple malware spoofing NVIDIA drivers appeared --GIGAZINE



in Hardware,   Security, Posted by log1h_ik