NVIDIA says employee credentials, proprietary information stolen during cyberattack

NVIDIA said employee credentials and proprietary information were stolen during a cyberattack they announced on Friday. 

The microchip company said it first became aware of the incident on February 23 and added that it impacted its IT resources.

“Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement. We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online,” an NVIDIA spokesperson told ZDNet. 

“Our team is working to analyze that information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident. Security is a continuous process that we take very seriously at NVIDIA — and we invest in the protection and quality of our code and products daily.”

British newspaper The Telegraph reported that the company had been facing two days of outages last week related to email systems and tools used by developers. 

Reports later emerged online that South American hacking group LAPSU$ claimed it was behind the attack on NVIDIA. The group claimed to have 1 TB of data that included employee information. 

In screenshots from their Telegram channel, a LAPSU$ member claims NVIDIA put ransomware on their system after the hack.

“Access to NVIDIA employee VPN requires the PC to be enrolled in MDM (Mobile Device Management). With this they were able to connect to a [virtual machine] we use. Yes they successfully encrypted the data,” the group claimed in a subsequent message. 

“However we have a backup and it’s safe from scum! We are not hacked by a competitors groups or any sorts.”

Emsisoft threat analyst Brett Callow noted that the Telegram channel where these messages were posted is now “temporarily inaccessible.”

“While hacking back is not common, it has certainly happened before,” Callow said. “Deploying ransomware on the attackers network may prevent them from leaking whatever data they exfiltrated.”

Earlier this year, LAPSU$ hacked and extorted Portugal’s largest TV channel and weekly newspaper. Blue Hexagon CTO Saumitra Das said ransomware gangs can now cause brand damage and steal IP without actually deploying the final ransomware payloads.

“There is always a tradeoff for the attackers between encrypting data and stealing data because encryption and deletion can trigger alarms at organizations with mature security programs and take away the leverage from the attackers,” Das said.