Nvidia hack saw employee details leaked online

security
(Image credit: Shutterstock)

The recent cyberattack against Nvidia saw threat actors made away with a terabyte of sensitive data, the GPU maker has confirmed.

“We are aware that the threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online,” the company said in a statement. 

Nvidia did not detail the nature of files that were stolen, however LAPSUS$, the group that says it conducted the raid claims it got away 1TB of data about the company’s hardware and software - which it is now threatening to leak online unless the company pays a cryptocurrency ransom.

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Leaking bits of data

To prove they mean business, the group has already leaked 19GB of stolen data, including the source code for Nvidia's framerate boosting DLSS technology.

Even though LAPSUS$ is a ransomware operator, Nvidia is saying the group did not deploy such malware on its endpoints.

"We have no evidence of ransomware being deployed on the Nvidia environment or that this is related to the Russia-Ukraine conflict," the company said.

The group rose to infamy in early January this year, when it targeted Impresa, Portugal’s biggest media conglomerate. Striking over the New Year holidays, it took down multiple Impresa websites, TV channels, as well as the website of the Expresso printed newspaper, although it claims not to be affiliated with a nation-state of any kind.

It claimed to have gained access to the company’s Amazon Web Services (AWS) infrastructure, as well as its Twitter account.

In early December 2021, the group struck the websites of Brazil’s Ministry of Health (MoH), suspending Covid-19 vaccination efforts across the country. It claimed to have stolen 50TB worth of data, before deleting them from the MoH’s servers.

Via: PCMag

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.