Data stolen from GPU powerhouse Nvidia has been leaked online, amid media reports that it has suffered a ransomware attack
GPU powerhouse Nvidia has finally acknowledged that it has suffered a ransomware attack, a week after it was first reported in media outlets.
The Daily Telegraph reported Nvidia last week suffered a ransomware attack, and this week the chipmaker has admitted that a data breach has impacted confidential data.
The firm said that company and staff data has been leaked online, after the hackers said to be a ransomware gang known as Lapsus$, published some of the stolen data.
Reuters reported that Nvidia admitted on Tuesday a cyber attacker has leaked employee credentials and some company proprietary information online after their systems were breached.
But it didn’t admit it had suffered a ransomware attack.
“We have no evidence of ransomware being deployed on the Nvidia environment or that this is related to the Russia-Ukraine conflict,” the company’s spokesperson was quoted by Reuters as saying in a statement.
The Santa Clara, California-based company said it became aware of the breach on 23 February.
Nvidia added it was working to analyse the information that has been leaked and does not anticipate any disruption to the company’s business.
There is no evidence linking the attack to retaliation following the Western nations slapping Russia with multiple sanctions in the wake of the invasion of Ukraine.
Meanwhile the Lapsus$ group has claimed to have data about the schematics, drivers and firmware, among other data, about Nvidia’s graphics chips.
This breach is the second piece of bad news for Nvidia, after it was forced to drop its highly controversial $40bn acquisition attempt of British chip designer ARM Holdings.
One security expert said it would prudent not to automatically assume that the Nvidia hackers are Russian.
Indeed, the hacking group may come from a surprising part of the world.
“Companies are facing a barrage of warnings at the moment urging them to bolster cyber defence,” noted Toby Lewis, head of threat analysis at Darktrace. “The best action they could take, right now, is focusing on getting technology in to defend themselves against fast-moving ransomware.”
“Across our customer base, we’ve noted an uptick in attacks targeting technology companies and manufacturers of critical kit,” said Lewis. “Motivations of adversaries vary from cyber espionage to disruption or simply flexing their muscles on a global stage.”
“The hackers, allegedly Lapsus$, claim to have stolen log-in details from Nvidia employees and published them online,” said Lewis. “While the group is highly secretive, their previous targets and near-native use of Spanish and Portuguese in previous ransom notes suggest that this group operates out of South America.”
“Naturally, given the current geopolitical climate, commentators and industry experts alike might have expected this to be another Russian-linked attack, but in this case it seems the threat group have opportunistically struck at a time of widespread cyber disruption, and have no obvious connection to Russian-state groups,” said Lewis.
“Cyber defenders should know that there is technology out there capable of disrupting ransomware within seconds of malicious activity emerging,” Lewis added. ” For example, a recent Babuk ransomware attack targeting a multinational tech manufacturer was stopped with artificial intelligence after a device within the network was found to be scanning and making unusual connections with other internal devices.”