Lapsus$ hack leaves NVIDIA in a tight spot

The hackers have leaked NVIDIA’s official code signing certificates.

According to an IBM report, ransomware was the top attack type (again) in 2021. Recently, NVIDIA confirmed the hack attack that compromised their internal systems. The infamous hacker group Lapsus$ claimed credit for the attack. Later, Lapsus$ also hacked Ubisoft.

Lapsus$ broke into NVIDIA’s internal network and managed to steal sensitive data–from hashed login credentials to trade secrets. The hackers wanted NVIDIA to remove the mining hashrate limiters on their RTX 3000-series GPU as ransom. Lapsus$ said if NVIDIA failed to agree to their demand by March 4, they would leak the latter’s trade secrets. And NVIDIA didn’t submit to their ransom demand.

Later, the hackers leaked NVIDIA’s official code signing certificates. Now, bad actors are using them to bypass Windows Defender’s built-in executable verification and sneak in malware. The hackers can make malicious programs look like legit NVIDIA software. 

AIM Daily XO

Join our editors every weekday evening as they steer you through the most significant news of the day, introduce you to fresh perspectives, and provide unexpected moments of joy
Your newsletter subscriptions are subject to AIM Privacy Policy and Terms and Conditions.

Lapsus$ started leaking employee credentials and proprietary information as downloadable files on the internet. NVIDIA found out about the breach on February 23. The company also said the breach would not disrupt its business.

The hack happened in mid-February, and Lasus$ stole one terabyte of data, including a substantial amount of sensitive info on GPU designs, source code for an NVIDIA AI rendering system known as DLSS usernames and passwords of more than 71,000 NVIDIA employees. 

Download our Mobile App

In the wake of the breach, NVIDIA has stepped the security, reached out to law enforcement, and is now working with cybersecurity experts to deal with the attack. 

In 2019, Stratosphere Labs looked at a remote access trojan (RAT) known as Quasar and said it had been used for cyberattacks against Ukraine. As per samples uploaded on VirusTotal, the stolen certificates were used to sign Cobalt Strike beacons, Mimikatz, backdoors, and RATs (malware and hacking tools). 

In the same tweet thread, cybersecurity researchers Kevin Beaumont and Will Dormann (CERT Coordination Center) posted the serial numbers of the stolen certificates.

So, no ransom?

The hack compromised NVIDIA servers. Apart from the demand to remove the mining hashrate limiters on the company’s RTX 3000-series graphics cards, the hackers have also asked NVIDIA to make their drivers open-source and distribute them under the free and open-source software (FOSS) license.

Later, the hackers revised their demands and called upon NVIDIA to remove the lite hash rate (LHR) in its GPUs.

Less than a week after the NVIDIA breach, the hackers claimed an attack on Samsung. In a description of the upcoming leak, Lapsus$ said the hacked data contains “confidential Samsung source code” like source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control; algorithms for all biometric unlock operations; bootloader source code for all recent Samsung devices; confidential source code from Qualcomm; source code for Samsung’s activation servers; and full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services.

Lapsus$ put the data under three compressed files worth 190 GB and is now available for free download in Torrent.

Ubisoft also reported a “cybersecurity incident” involving Lapsus$. On March 11, Ubisoft said the hack impacted numerous games, services and functions in its internal systems. Although the company did not disclose how it happened or who did it. 

“As a prudent step, we began a company-wide password reset. Also, we can confirm that there is no evidence any player’s personal information was accessed or exposed as a by-product of this incident,” Ubisoft said in a statement.

Lapsus$ claimed responsibility for the attack in its Telegram channel.

Sign up for The Deep Learning Podcast

by Vijayalakshmi Anandan

The Deep Learning Curve is a technology-based podcast hosted by Vijayalakshmi Anandan - Video Presenter and Podcaster at Analytics India Magazine. This podcast is the narrator's journey of curiosity and discovery in the world of technology.

Akashdeep Arul
Akashdeep Arul is a technology journalist who seeks to analyze the advancements and developments in technology that affect our everyday lives. His articles primarily focus upon the business, cultural, social and entertainment side of the technology sector.

Our Upcoming Events

24th Mar, 2023 | Webinar
Women-in-Tech: Are you ready for the Techade

27-28th Apr, 2023 I Bangalore
Data Engineering Summit (DES) 2023

23 Jun, 2023 | Bangalore
MachineCon India 2023 [AI100 Awards]

21 Jul, 2023 | New York
MachineCon USA 2023 [AI100 Awards]

3 Ways to Join our Community

Telegram group

Discover special offers, top stories, upcoming events, and more.

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Subscribe to our Daily newsletter

Get our daily awesome stories & videos in your inbox

Council Post: Evolution of Data Science: Skillset, Toolset, and Mindset

In my opinion, there will be considerable disorder and disarray in the near future concerning the emerging fields of data and analytics. The proliferation of platforms such as ChatGPT or Bard has generated a lot of buzz. While some users are enthusiastic about the potential benefits of generative AI and its extensive use in business and daily life, others have raised concerns regarding the accuracy, ethics, and related issues.