NVIDIA says that employee data and other company information have been stolen by hackers. The chip manufacturer announced this to ZDNet on Tuesday. The stolen data is currently being leaked online.
In total, 1TB of data is said to have been stolen. In addition to personnel data, it reportedly includes source code, data about the NVIDIA GPU driver, its FALCON architecture and Lite Hash Rate (LHR), and other critical information.
A spokesperson said: “Our team is analyzing that information. We do not expect any disruption to our business or our ability to serve our customers as a result of the incident.”
However, the British newspaper The Telegraph reported that the company experienced outages for two days. These outages affected the email systems and other tools used by developers within the company.
The online newspaper Bloomberg initially reported that NVIDIA had fallen victim to a ransomware attack. However, the chipmaker denied that malware was installed. Data was stolen. The hackers threatened to leak this data if NVIDIA didn’t lift the restrictions on mining cryptocurrency with its graphics cards. NVIDIA refused, after which the hackers did start sharing the data on a public Telegram channel.
A member of the hacker group claims on the Telegram channel that NVIDIA has hacked the group back. The chipmaker is said to have used ransomware to encrypt the stolen data.
However, the group says it doesn’t matter: “Yes, they have successfully encrypted the data. However, we have a backup that is safe from scum. We have not been hacked by any competing groups.”
It is not often that a company hacks cybercriminals back. Still, it’s not unimaginable and sometimes sensible, explains Emsisoft analyst Brett Callow: “Deploying ransomware on the attackers’ network can prevent them from leaking the data they’ve stolen.”
The hack was claimed by the South American hacker collective LAPSUS$. However, the criminals did not demand a ransom. They wanted NVIDIA to remove the LHR block on its graphics cards. The chip developer introduced LHR last year to make it more difficult to mine Ethereum with its graphics cards. The ability to mine was thus halved.
The hackers gained access to all the stolen data through NVIDIA’s corporate VPN. To connect to this VPN, a computer must be registered in a Mobile Device Management (MDM) system. The criminals managed to get their virtual machine onto this list of registered devices and thus gain access to the company network.
LAPSUS$ also hacked Portugal’s largest TV channel and newspaper at the beginning of this year. In that case, the collective did ask for a ransom.
Update (March 23, 2022): Authentication company Specops has identified the cause of the cyberattack on NVIDIA. Our own research shows that NVIDIA employees used weak passwords to protect their accounts. The company’s name turned out to be a popular password among employees. In addition to ‘Nvidia’, ‘nvidia3d’, ‘welcome’, ‘password’ and ‘Mellanox’ were also widely used. Mellanox is the name of a subsidiary of NVIDIA.
Specops states that half of the employees must remember an average of 11 work-related passwords and codes. The company therefore does not find it surprising that employees opt for simple passwords or reuse the same password several times. Still, Specops warns against such practices in the workplace.
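One way to block the kind of passwords listed above is a context-aware deny-list applied when a password is set. The sketch below is an added example, not code from Specops or NVIDIA; the term lists come from this article, while the function names and normalization rules (case folding, undoing common character substitutions, ignoring digits and symbols) are assumptions chosen for illustration.

```python
import re
import unicodedata

# Context-specific terms: the organisation and its subsidiary (named in the article).
ORG_TERMS = ("nvidia", "mellanox")
# Generic weak passwords the article reports as widely used.
COMMON = ("welcome", "password")

# Assumed substitution table for common "leetspeak" replacements.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def candidate_forms(password):
    """Return normalized letter-only variants of a password."""
    folded = unicodedata.normalize("NFKC", password).casefold()
    # Variant 1: drop every digit and symbol ("nvidia3d" -> "nvidiad").
    plain = re.sub(r"[^a-z]", "", folded)
    # Variant 2: trim leading/trailing digits and symbols, then undo
    # substitutions ("P@ssw0rd!" -> "password").
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", folded)
    unleeted = re.sub(r"[^a-z]", "", core.translate(LEET))
    return (plain, unleeted)

def check_password(password, org_terms=ORG_TERMS, common=COMMON):
    """Return (accepted, reason) for a candidate password."""
    for form in candidate_forms(password):
        for term in org_terms:
            # An organisation term anywhere in the password is rejected.
            if term in form:
                return False, f"contains organisation term '{term}'"
        # Common passwords are rejected when the whole variant matches.
        if form in common:
            return False, f"variant of common password '{form}'"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample inputs; the first five mirror the article's list.
    for pw in ("Nvidia", "nvidia3d", "welcome", "password", "Mellanox",
               "M3ll4n0x", "P@ssw0rd!", "tidal-granite-vowel-42"):
        print(f"{pw!r}: {check_password(pw)}")
```

A check like this only covers derived and trivially decorated variants; it complements, rather than replaces, screening against lists of breached passwords.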