GPU giant Nvidia is investigating a potential cyberattack

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,596
US chipmaker giant Nvidia confirmed today it's currently investigating an "incident" that reportedly took down some of its systems for two days.

Systems impacted in what looks like a cyberattack include the company's developer tools and email systems, as first reported by The Telegraph.

The reported outage is the result of a network intrusion, and it is still not known if any business or customer data was stolen during the incident.

Nvidia told BleepingComputer that the nature of the incident is still being evaluated and that the company's commercial activities were not affected.

"We are investigating an incident. Our business and commercial activities continue uninterrupted," an Nvidia spokesperson told BleepingComputer.

"We are still working to evaluate the nature and scope of the event and don't have any additional information to share at this time."

An insider has described this incident as having "completely compromised" Nvidia's internal systems.
 

Gandalf_The_Grey

Jensen hacks back: Nvidia allegedly attacks ransomware group that stole 1 TB of Team Green's confidential data
Nvidia has reportedly been the victim of a ransomware attack, with the hackers successfully making off with over 1 TB of sensitive data from Team Green’s servers. In a surprising twist of events, the graphics card company, headed by Jensen Huang, has allegedly attempted to hack the attackers back to encrypt the stolen data.

A recent report from The Telegraph has claimed that Nvidia recently suffered from a considerable cyber-attack, with hackers leaving part of Team Green’s business “completely compromised”. Further reports about the incident have revealed that a ransomware group called Lapsus$ admitted to having swiped over 1 TB of vital data from Nvidia, which included personal information about employees and even some details about RTX GPUs.

However, it appears the ransomware group has been attacked back by Nvidia, and the hackers took to airing their grievances publicly. The group published messages on its Telegram account, later shared by a threat analyst on Twitter, ironically calling out Nvidia as “criminals” and “scum” for attempting to install “ransomware” on the group’s machines. Lapsus$ further claims to have already backed up the stolen data elsewhere, making Nvidia’s successful encryption attempt a somewhat unrewarding exercise.

It has also been revealed that the group clearly isn’t on some sort of undisclosed moral crusade, as blackmail demands have emerged with Lapsus$ stating that it will not leak the company’s data as long as Nvidia pays a “fee”. The same group, which is supposedly based in South America, has been connected with other malicious hacks in the past, including one on a large Portuguese media conglomerate (Impresa) and one against the Parliament of Portugal.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Posted by Emsisoft rep GT500 on Bleeping Computer's own article, in the comments section:


The TPU article claims a South American hacking group is responsible. Note: since publishing a fake news article around 2 years ago about a large supply of EVGA GPU cards "found" in a shipping container, I now take all such articles by that TPU site with a large cube of salt. It's interesting though. NVIDIA's vigilante justice.
 

Paul.R

Level 17
Verified
Well-known
May 16, 2013
844
CAN'T MAKE A NEW TOPIC FOR THIS PHRASE:

Security researchers with U.S. cybersecurity firm Symantec said they have discovered a “highly sophisticated” Chinese hacking tool that has been able to escape public attention for more than a decade.
 

brambedkar59

Level 29
Verified
Top Poster
Well-known
Apr 16, 2017
1,877
 

Venustus

Level 59
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Dec 30, 2012
4,809

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,176
More than 71,000 employee credentials were stolen and some of them leaked online following a data breach suffered by US chipmaker giant Nvidia last month.

The Have I Been Pwned data breach notification service has added data belonging to 71,335 compromised accounts to its database on Wednesday. Have I Been Pwned says the stolen data contains "email addresses and NTLM password hashes, many of which were subsequently cracked and circulated within the hacking community."
 

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
757
It appears that Nvidia's code signing certificates got leaked also. So far I only found a German source (German IT news site) and Twitter for it (English).
 

Local Host

As someone who never supported NVidia's anti-competitive tactics, I don't feel pity whatsoever for what is going on; deep down I hope for more leaks that show what NVidia has been doing with their APIs.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459

Local Host

Florian is correct as even we hunters in the Hub noticed these samples the last days.

Signed samples in general have been on a constant rise the last months, and will for sure keep coming, even more now that Microsoft has killed all MOTW macros.
Nothing to fear, as those NVidia certificates were already revoked.
 

Gandalf_The_Grey

Nvidia leak shows weak passwords in use
Cyber-criminal group LAPSUS$ claimed GPU manufacturer Nvidia as one of its latest breach victims at the end of February. The news of the breach made headlines in the past few weeks, including details that employee passwords were leaked. The Specops team has obtained some 30k of the leaked passwords and included them in the latest addition of over 6 million compromised passwords to the Specops Breached Password Protection service.

The Specops research team was able to analyze the Nvidia dataset for password construction patterns. The findings, shared below, highlight how common weak passwords are in organizations. On March 1, 2022, Nvidia shared on their security incident page that all employees have been required to change their passwords so none of the examples in this post are passwords in use today. These research findings follow the publication of the 2022 Specops Weak Password report last week.

“While we don’t know how the hackers gained access in this incident, it is unfortunate to see that weak passwords were in use,” said Darren James, Product Specialist at Specops Software. “But they are not alone – weak passwords are unfortunately common across many organizations because of a lack of basic protections like blocking company names.”
Top 10 Base Words in Leaked Nvidia Passwords
  • nvidia
  • nvidia3d
  • mellanox
  • ready2wrk
  • welcome
  • password
  • mynvidia3d
  • nvda
  • qwerty
  • september
It’s not unexpected that employees would choose weak passwords. As shared in the 2022 Weak Password Report, nearly 48% of employees have to remember more than 11 passwords just in their work lives. With that mental burden, it is understandable that employees would rely on simpler passwords, insecure construction patterns or reusing passwords.

Of course, weak password construction isn’t the only password vulnerability organizations need to worry about. The strongest password in the world becomes weak if it’s known to a hacker.

“It is of course important to protect against the use of guessable passwords,” continued James. “But the easiest to guess password is one that an employee has reused on a previously breached site and an attacker has their hands on. Blocking compromised passwords is an essential part of any cybersecurity plan.”
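
The base-word blocking that the quoted Specops article argues for, as an added example that is not part of the original thread and not Specops' own code: it screens a candidate password against the top-10 base words listed above. The substitution table, the substring rule and the sample passwords are assumptions constructed for this sketch.

```python
# Added example: reject passwords built on a blocked base word.
# Word list: the top-10 base words quoted in the post above.
BLOCKED_BASE_WORDS = [
    "nvidia", "nvidia3d", "mellanox", "ready2wrk", "welcome",
    "password", "mynvidia3d", "nvda", "qwerty", "september",
]

# Assumed character substitutions users apply to "strengthen" a word:
# 0->o 1->l 3->e 4->a 5->s 7->t @->a $->s !->i
LEET = str.maketrans("013457@$!", "oleastasi")


def variants(text):
    """Return the lower-cased form and its de-substituted form."""
    lowered = text.lower()
    return {lowered, lowered.translate(LEET)}


# Map every variant of a blocked word back to the word itself, so list
# entries that contain digits (nvidia3d, ready2wrk) still match after
# the password has been de-substituted.
BLOCKED_VARIANTS = {v: w for w in BLOCKED_BASE_WORDS for v in variants(w)}


def blocked_base_word(password):
    """Return the longest blocked base word inside password, or None."""
    hits = {
        word
        for candidate in variants(password)
        for variant, word in BLOCKED_VARIANTS.items()
        if variant in candidate  # substring match covers prefixes/suffixes
    }
    # Longest match wins; the word itself breaks ties deterministically.
    return max(hits, key=lambda w: (len(w), w)) if hits else None


def screen(passwords):
    """Map each candidate password to the base word that blocks it."""
    return {p: blocked_base_word(p) for p in passwords}


# Constructed sample candidates (not taken from any leak).
SAMPLES = ["Nvidia2022!", "P@ssw0rd1", "MyNvidia3D#", "S3pt3mb3r!",
           "correct-horse-battery-staple"]

if __name__ == "__main__":
    for pw, hit in screen(SAMPLES).items():
        print(f"{pw!r}: {'blocked by ' + hit if hit else 'no blocked base word'}")
```

A check like this only covers guessable construction; a password already exposed in a breach needs a separate lookup against a compromised-password list, as the second quote in the post points out.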
 
