Nvidia Hit by Cyberattack

On February 25, Graphics Processing Unit (GPU) giant Nvidia announced  that it had possibly suffered a cyber incident. The announcement followed an article published by The Telegraph which stated that the company was suffering several outages across multiple departments.

The article stated,

“The intrusion was described by one insider as having “completely compromised” the company’s internal systems, although some email services were working on Friday. It is unclear if any data has been stolen or deleted from Nvidia or from its customers, or if the attack has merely disrupted its systems, and customers said they had not been informed of any incident.”

Nvidia is worth around 600 billion USD and makes it one of the most successful companies globally. The company is best known for its production of GPUs for both gaming and those optimized for content creation.

nvidia hit by cyberattack

In recent years the company has expanded in creating chips for artificial intelligence programs, machine learning algorithms, and robotics. At the time an Nvidia spokesman stated,

“We are investigating an incident. We don’t have any additional information to share at this time.”

Given the current climate and the ongoing war in Ukraine, there were mumblings that the attack may have been Russian retaliation to the economic sanctions placed upon it by many countries, particularly those making up the West.

However, there was no evidence in support of this claim. The public did not have to wait long to find out who was behind the attack.

The well-known data extortion cyber gang Lapsus$ released data allegedly belonging to Nvidia. Lapsus$ said that they stole 1TB of data from Nvidia and that they were prepared to publish it unless the company paid a ransom demand.

The first round of messages from Lapsus$ announcing the successful hack included a leak of what the actor said were hashed passwords of all Nvidia employees. Lapsus$ further claimed that the company hacked back to encrypt their virtual machine with the data.

Lapsus$ also provided their motivation behind the attack, other than the possible financial gains. In a message, the gang stated that they are selling “a full LHR V2 (GA102-GA104)”.

The LHR stands for lite hash rate technology developed by Nvidia to reduce a GPU’s mining capacity. The Lapsus$ extortion group hopes that Nvidia will remove this limitation.

For this reason, they’re asking the GPU maker to remove the LHR limitations in the GeForce RTX 30 Series firmware, threatening to leak the folder with the hardware specifications.

Other than the hope of having the mining limitations removed the group has also claimed it has stolen information pertaining to Falcon, the company’s proprietary control processor.

On March 1, Nvidia confirmed it had suffered a cyber attack. The statement makes no mention as to Lapsus$’s claims, this is typical in statements made to the press for fear of thwarting law enforcement investigations. Nvidia stated,

“On February 23, 2022, NVIDIA became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement. We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident.
Security is a continuous process that we take very seriously at NVIDIA – and we invest in the protection and quality of our code and products daily.”

Toyota Supplier Suffers Attack

Reuters reported that Toyota will suspend domestic factory operations on March 1. This is believed to result in the car giant losing around 13,000 cars of output, after a supplier of plastic parts and electronic components was hit by a suspected cyber attack. Following the announcement, no other information was released to the public.

Again the specter of war led to questions being asked if Russian state-sponsored groups had any part to play in the attack. These questions are not without merit as Japan has taken a strong stance of support for both the Ukrainian government and the nation's people.

The support was buoyed by Japan's supporting actions to remove Russia from the international payment transfer system SWIFT. Japan has also promised 100 million USD in aid for Ukraine.

It is important to note that there is no evidence to suggest Russia has been involved in both the Toyota attack and the one of Nvidia. This may change in the future but currently, the belief of the Russian government is responsible is purely based on suspected retaliation to western sanctions and support for Ukraine.

The Nvidia attack does seem to be financially motivated but far more information needs to be provided regarding the Toyota attack to even begin to point a figure.

▼ Show Discussion

About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications. Contact Karolis Liucveikis.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal