Lapsus$ hack leaves NVIDIA in a tight spot

The hackers have leaked NVIDIA’s official code signing certificates.

According to an IBM report, ransomware was the top attack type (again) in 2021. Recently, NVIDIA confirmed an attack that compromised its internal systems. The infamous hacker group Lapsus$ claimed credit for the attack. Later, Lapsus$ also hacked Ubisoft.

Lapsus$ broke into NVIDIA’s internal network and managed to steal sensitive data, from hashed login credentials to trade secrets. As ransom, the hackers wanted NVIDIA to remove the mining hashrate limiters on its RTX 3000-series GPUs. Lapsus$ said that if NVIDIA failed to agree to the demand by March 4, it would leak the company’s trade secrets. NVIDIA didn’t submit to the ransom demand.



Later, the hackers leaked NVIDIA’s official code signing certificates. Now, bad actors are using them to bypass Windows Defender’s built-in executable verification and sneak in malware. The hackers can make malicious programs look like legit NVIDIA software. 

Lapsus$ started leaking employee credentials and proprietary information as downloadable files on the internet. NVIDIA found out about the breach on February 23. The company also said the breach would not disrupt its business.

The hack happened in mid-February, and Lapsus$ stole one terabyte of data, including a substantial amount of sensitive info on GPU designs, source code for an NVIDIA AI rendering system known as DLSS, and usernames and passwords of more than 71,000 NVIDIA employees.

In the wake of the breach, NVIDIA has stepped up its security, reached out to law enforcement, and is now working with cybersecurity experts to deal with the attack.

In 2019, Stratosphere Labs looked at a remote access trojan (RAT) known as Quasar and said it had been used for cyberattacks against Ukraine. According to samples uploaded to VirusTotal, the stolen certificates were used to sign Cobalt Strike beacons, Mimikatz, backdoors, and RATs (malware and hacking tools).

In the same tweet thread, cybersecurity researchers Kevin Beaumont and Will Dormann (CERT Coordination Center) posted the serial numbers of the stolen certificates.
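
A defender can use those serial numbers to hunt for files signed with the leaked certificates. The PowerShell below is an added example, not code from the article or from NVIDIA; the serial values are placeholders (the article does not list them) and the default scan path is an assumption.

```powershell
# Added example: flag files whose Authenticode signer certificate is on a
# serial-number blocklist, regardless of whether the signature validates.
param(
    # Assumed default; point this at any directory you want to sweep.
    [string]$Path = 'C:\Windows\System32\drivers'
)

# PLACEHOLDERS, not real values: replace with the serial numbers
# published by the researchers for the leaked certificates.
$BlockedSerials = @(
    'PLACEHOLDER-SERIAL-1',
    'PLACEHOLDER-SERIAL-2'
)

function ConvertTo-NormalizedSerial {
    param([string]$Serial)
    # Serials are written with or without colons, spaces and leading zeros;
    # normalize so every form compares equal.
    ($Serial -replace '[\s:]', '').ToUpperInvariant().TrimStart('0')
}

$blocked = [System.Collections.Generic.HashSet[string]]::new()
foreach ($s in $BlockedSerials) {
    [void]$blocked.Add((ConvertTo-NormalizedSerial $s))
}

Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate
        # Do not filter on $sig.Status: a file signed with a stolen key can
        # still carry a signature that verifies, which is the whole problem.
        if ($cert -and $blocked.Contains((ConvertTo-NormalizedSerial $cert.SerialNumber))) {
            [pscustomobject]@{
                File       = $_.FullName
                Status     = $sig.Status
                Subject    = $cert.Subject
                Serial     = $cert.SerialNumber
                NotAfter   = $cert.NotAfter
                Thumbprint = $cert.Thumbprint
            }
        }
    }
```

Any hit deserves triage: compare the file's hash and origin against a known-good NVIDIA driver package before deciding whether it is legitimate software signed before the leak or something signed afterwards by a third party.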

So, no ransom?

The hack compromised NVIDIA servers. Apart from the demand to remove the mining hashrate limiters on the company’s RTX 3000-series graphics cards, the hackers also asked NVIDIA to make its drivers open-source and distribute them under a free and open-source software (FOSS) license.

Later, the hackers revised their demands and called upon NVIDIA to remove the lite hash rate (LHR) in its GPUs.

Less than a week after the NVIDIA breach, the hackers claimed an attack on Samsung. In a description of the upcoming leak, Lapsus$ said the hacked data contains “confidential Samsung source code”, such as source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control); algorithms for all biometric unlock operations; bootloader source code for all recent Samsung devices; confidential source code from Qualcomm; source code for Samsung’s activation servers; and full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services.

Lapsus$ split the data into three compressed files totalling 190 GB, which are now available for free download via torrent.

Ubisoft also reported a “cybersecurity incident” involving Lapsus$. On March 11, Ubisoft said the hack impacted numerous games, services and functions in its internal systems, although the company did not disclose how it happened or who did it.

“As a prudent step, we began a company-wide password reset. Also, we can confirm that there is no evidence any player’s personal information was accessed or exposed as a by-product of this incident,” Ubisoft said in a statement.

Lapsus$ claimed responsibility for the attack in its Telegram channel.


Akashdeep Arul
Akashdeep Arul is a technology journalist who seeks to analyze the advancements and developments in technology that affect our everyday lives. His articles primarily focus upon the business, cultural, social and entertainment side of the technology sector.
