NVIDIA confirmed the Lapsus$ cyberattack and the data leak that followed, saying it first became aware of the security incident on February 23.
The tech giant also confirmed it had suffered damages related to its IT resources.
NVIDIA Says Investigations Are Ongoing
The microchip company confirmed employee accounts and proprietary information were stolen during a cyberattack that happened in late February. The tech giant said it detected the attack on February 23 and that it had affected its IT resources.
“Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement. We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online,” an NVIDIA spokesperson explained.
“Our team is working to analyze that information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident. Security is a continuous process that we take very seriously at NVIDIA — and we invest in the protection and quality of our code and products daily,” they added.
British newspaper The Telegraph reported that the company had been facing two days of outages last week related to email systems and tools used by developers.
Lapsus$ Hits Again
Soon after, reports emerged online that Lapsus$, a South American hacking group, had claimed it was behind the recent attack. The ransomware group claimed to have 1 TB of data, including confidential employee data.
In screenshots from their Telegram channel, a Lapsus$ member says the tech company put ransomware on their systems after the attack.
“Access to NVIDIA employee VPN requires the PC to be enrolled in MDM (Mobile Device Management). With this they were able to connect to a [virtual machine] we use. Yes they successfully encrypted the data,” the cybercriminal group explained in a subsequent message.
“However we have a backup and it’s safe from scum! We are not hacked by a competitors groups or any sorts.”
“While hacking back is not common, it has certainly happened before,” Emsisoft threat analyst Brett Callow said. “Deploying ransomware on the attacker’s network may prevent them from leaking whatever data they exfiltrated.”
Last month, the ransomware group attacked NVIDIA and exposed 71,000 employee accounts.
Just a few hours into 2022, one of their attacks crippled the media giant Impresa, owner of the most prominent television station and newspaper in Portugal.
The Lapsus$ ransomware gang made it obvious they were behind the attack by defacing all of Impresa’s websites with a ransom note to let the company know that they had gained access to Impresa’s Amazon Web Services account. Lapsus$ identified itself as responsible for the ransomware attack by tweeting from one of Impresa’s verified Twitter accounts.
The Lapsus$ gang was first spotted in 2021, and its most noticeable attack was targeted at the Brazil Ministry of Health in December. Following the incident, several online entities were taken down, information on citizens’ COVID-19 vaccination data was wiped out, and the system that issues digital vaccination certificates was disrupted as well.
Blue Hexagon's Saumitra Das warned that ransomware groups no longer need to deploy the final ransomware payloads to cause damage and steal IP.
“There is always a tradeoff for the attackers between encrypting data and stealing data because encryption and deletion can trigger alarms at organizations with mature security programs and take away the leverage from the attackers,” he added.