Lapsus$ hack leaves NVIDIA in a tight spot

The hackers have leaked NVIDIA’s official code signing certificates.

According to an IBM report, ransomware was the top attack type (again) in 2021. Recently, NVIDIA confirmed an attack that compromised its internal systems. The infamous hacker group Lapsus$ claimed credit for the attack. Later, Lapsus$ also hacked Ubisoft.

Lapsus$ broke into NVIDIA’s internal network and managed to steal sensitive data, from hashed login credentials to trade secrets. As ransom, the hackers wanted NVIDIA to remove the mining hashrate limiters on its RTX 3000-series GPUs. Lapsus$ said that if NVIDIA failed to agree to the demand by March 4, it would leak the company’s trade secrets. NVIDIA did not submit to the ransom demand.

Later, the hackers leaked NVIDIA’s official code signing certificates. Now, bad actors are using them to bypass Windows Defender’s built-in executable verification and sneak in malware. With these certificates, attackers can make malicious programs look like legitimate NVIDIA software.

Lapsus$ started leaking employee credentials and proprietary information as downloadable files on the internet. NVIDIA found out about the breach on February 23. The company also said the breach would not disrupt its business.

The hack happened in mid-February, and Lapsus$ stole one terabyte of data, including a substantial amount of sensitive information on GPU designs, source code for an NVIDIA AI rendering system known as DLSS, and the usernames and passwords of more than 71,000 NVIDIA employees.

In the wake of the breach, NVIDIA has stepped up security, reached out to law enforcement, and is now working with cybersecurity experts to deal with the attack.

In 2019, Stratosphere Labs looked at a remote access trojan (RAT) known as Quasar and said it had been used for cyberattacks against Ukraine. As per samples uploaded on VirusTotal, the stolen certificates were used to sign Cobalt Strike beacons, Mimikatz, backdoors, and RATs (malware and hacking tools). 

In the same tweet thread, cybersecurity researchers Kevin Beaumont and Will Dormann (CERT Coordination Center) posted the serial numbers of the stolen certificates.
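A defender can use such published serial numbers to find binaries signed with the leaked certificates. The following is an added example, not part of the original article: the function name `Find-BlockedSigner` is hypothetical, and the serial values are placeholders because the article does not reproduce them.

```powershell
# Added example: flag signed binaries whose signer certificate serial is on a blocklist.
# The serials are placeholders; replace them with the values published by the researchers.
$BlockedSerials = @(
    'PLACEHOLDER_SERIAL_1',
    'PLACEHOLDER_SERIAL_2'
)

function Find-BlockedSigner {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string[]]$Serials
    )
    # Normalise serials to the form X509Certificate2.SerialNumber uses:
    # uppercase hex without spaces or colons.
    $wanted = $Serials | ForEach-Object { ($_ -replace '[\s:]', '').ToUpperInvariant() }

    Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll', '.sys' } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate
            # Unsigned files have no signer certificate; skip them.
            if ($null -eq $cert) { return }
            # Report on serial match regardless of $sig.Status: a stolen
            # certificate can still produce a signature Windows accepts.
            if ($wanted -contains $cert.SerialNumber.ToUpperInvariant()) {
                [pscustomobject]@{
                    File       = $_.FullName
                    Status     = $sig.Status
                    Subject    = $cert.Subject
                    Serial     = $cert.SerialNumber
                    Thumbprint = $cert.Thumbprint
                    NotAfter   = $cert.NotAfter
                }
            }
        }
}

# Example scan of the driver directory; adjust the path to the hosts being audited.
Find-BlockedSigner -Path 'C:\Windows\System32\drivers' -Serials $BlockedSerials |
    Format-Table -AutoSize
```

Any hit needs triage against known-good NVIDIA driver hashes, since older legitimate NVIDIA binaries may carry the same signer.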

So, no ransom?

The hack compromised NVIDIA servers. Apart from the demand to remove the mining hashrate limiters on the company’s RTX 3000-series graphics cards, the hackers have also asked NVIDIA to make its drivers open-source and distribute them under a free and open-source software (FOSS) license.

Later, the hackers revised their demands and called upon NVIDIA to remove the lite hash rate (LHR) in its GPUs.

Less than a week after the NVIDIA breach, the hackers claimed an attack on Samsung. In a description of the upcoming leak, Lapsus$ said the hacked data contains “confidential Samsung source code”, including source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control); algorithms for all biometric unlock operations; bootloader source code for all recent Samsung devices; confidential source code from Qualcomm; source code for Samsung’s activation servers; and full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services.

Lapsus$ split the data into three compressed files totaling 190 GB, which are now available for free download via torrent.

Ubisoft also reported a “cybersecurity incident” involving Lapsus$. On March 11, Ubisoft said the hack impacted numerous games, services and functions in its internal systems, although the company did not disclose how it happened or who did it.

“As a prudent step, we began a company-wide password reset. Also, we can confirm that there is no evidence any player’s personal information was accessed or exposed as a by-product of this incident,” Ubisoft said in a statement.

Lapsus$ claimed responsibility for the attack in its Telegram channel.

Akashdeep Arul
Akashdeep Arul is a technology journalist who seeks to analyze the advancements and developments in technology that affect our everyday lives. His articles primarily focus upon the business, cultural, social and entertainment side of the technology sector.