Nvidia confirmed that hackers stole sensitive data from its networks, including employee credentials and proprietary company information, during last week’s cyberattack and are now “leaking it online.”
Nvidia has refused to say what data was stolen during the attack, which was discovered on Friday.
However, a ransomware hackers group known as “Lapsus$” has claimed responsibility for the breach on its Telegram channel, claiming to have stolen one terabyte of data, including “highly confidential/secret data” and proprietary source code.
This includes source code for Nvidia’s hash rate limiter, which reduces the Ethereum mining performance of the company’s RTX 30-series graphics cards, according to group posts.
The Lapsus$ gang, though relatively unknown, first appeared on the ransomware scene in December with an attack on Brazil’s Ministry of Health, stealing 50 terabytes of data, including citizens’ vaccination information.
Since then, the gang has targeted the Portuguese media company Impresa as well as the South American telecommunications companies Claro and Embratel.
“Some researchers believe the gang is based in South America, but I’m not sure how solid the evidence is pointing to that,” Brett Callow, threat analyst at Emsisoft, tells TechCrunch. “So far they appear to be somewhat amateurish, which could indicate that the individuals involved are not experienced cybercriminals.”
Nvidia, which also declined to say who it believes is responsible for the attack, says it became aware of the malicious intrusion on February 23, prompting the chipmaker in the United States to notify law enforcement and hire cybersecurity experts to assist it in responding to the attack.
Despite the fact that the breach occurred a day before Russia’s invasion of Ukraine, which led some to speculate that the attack was carried out by Russian state-sponsored hackers, Nvidia added that it has “no evidence that this is related to the Russia-Ukraine conflict.”
To read our blog on “Nvidia is looking into a major cyberattack,” click here.
