Hackers Threaten NVIDIA With 1TB Data Leak Including A Full GeForce Low Hash Rate Bypass
This story continues to get stranger. On the 25th, The Telegraph ran a story claiming to have insider knowledge of a hack at NVIDIA HQ. At that time, it wasn't known who was responsible or what their motives were; The outlet speculated that it may have been related to the ongoing conflict in Ukraine.
The very next day, however, it came out that the ransomware gang Lapsus was claiming responsibility for the attacks. The group said that it had stolen 1TB of data from NVIDIA's servers and was attempting to ransom it back to NVIDIA for an unspecified (but probably quite large) sum.
Amusingly, Lapsus claims that NVIDIA hacked them back, installing ransomware on the thieves' machines. If true, then it was likely an attempt to destroy the stolen data. Said attempt was supposedly fruitless, as even though the ransomware hit was successful, Lapsus claims it had already backed-up the stolen bits.
The first half of Lapsus' announcement this morning.
Well, after the story got some traction this weekend, Lapsus made a public announcement on Telegram essentially saying, 'NVIDIA, contact us or we'll release all of your private data'. As part of the data it stole, Lapsus claims to have "the most important stuff, schematics, driver, firmware, etc..." Such a data packet is a tantalizing prize, because things like GPU firmware and driver source code are tightly-controlled trade secrets that likely only a few even inside NVIDIA are allowed to access.
The group says is is also selling a "full LHR V2 (GA102-GA104)." Presumably what Lapsus means is an unlocker tool for the Lite Hash Rate limitation on some of the GeForce GPUs, not unlike the malware infested one that we saw going around last week. Lapsus says that if NVIDIA pushes a firmware update for "all 30 series" cards that removes the LHR limitation, it will "forget about the hw folder (it's a big folder)". Curiously, Lapsus insists that the LHR modifications "impact mining and gaming," a claim we have not seen elsewhere.
The back half. Image: CyberKnow on Twitter
Lapsus insists that it is not state-sponsored and that it is in fact "not in politics AT ALL." That could be a front, of course, but rumors going around Twitter place Lapsus as working either from South America or from the UK region, neither of which would have any particular political reason to hack NVIDIA. So saying, this attack does seem financially-motivated as we originally suspected.
It's not part of the group's announcement today, but previously Lapsus said that it expected to hear from NVIDIA by "Friday," presumably meaning March 4th considering it made that statement on Saturday. It will be interesting to see how or if NVIDIA responds. Obviously, we'll keep you posted as this story develops, so keep an eye here on Hot Hardware.