Nvidia admits data leak, doesn’t say if it hacked back

Join today’s leading executives online at the Data Summit on March 9th. Register here.

Technology giant Nvidia said Tuesday that a “cybersecurity incident” last Wednesday has led to a leak of employee credentials and proprietary information online.

Following reports about the breach last week, a threat actor claimed to have attacked Nvidia, one of the largest producers of graphics chips, and threatened to post company information on its public Telegram channel.

The threat actor, Lapsus$, which is believed to operate in South America, also posted a message saying that Nvidia had hacked back. Nvidia has not responded to an inquiry on that possibility and did not address that element in its statement.

Lapsus$ said on its Telegram channel that 1TB of data was removed by Nvidia, and that Nvidia had encrypted the group’s data (though the group says it had a backup).

Hacking back is “unusual, but certainly not unheard of,” said Brett Callow, a threat analyst at Emsisoft, in a previous message to VentureBeat. Often the goal is to prevent leaks of stolen data, he said.

If that approach was in fact taken by Nvidia, it doesn’t appear to have solved the problem.

“We are aware that the threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online,” Nvidia said in a statement provided to VentureBeat. The company did not provide further specifics on what information was leaked.

“Our team is working to analyze that information,” Nvidia said. “We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident.”

The company described the attack last Wednesday as a “cybersecurity incident which impacted IT resources.”

“Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement,” Nvidia said in the statement, adding that “we have no evidence of ransomware being deployed on the Nvidia environment or that this is related to the Russia-Ukraine conflict.”

Russia-Ukraine not a factor

Previous reports had indicated that ransomware may have been involved, but noted that there did not appear to be a Russia-Ukraine connection. The U.S. government has warned of increased threat of cyberattacks on U.S. businesses and agencies in the midst of Russia’s invasion of Ukraine, which has included a number of cyberattacks that Russia is suspected of.

“Security is a continuous process that we take very seriously at Nvidia – and we invest in the protection and quality of our code and products daily,” the company said in its statement.

The cyberattack against Nvidia was first reported by The Telegraph, which said Friday that the company had been investigating “a potential cyberattack that has taken parts of its business offline for two days.” That timetable fits with what Nvidia disclosed in terms of an attack on Wednesday.

Quoting an unnamed “insider” at Nvidia, The Telegraph reported that the potential cyberattack had “completely compromised” internal systems at the company — “although some email services were working on Friday,” the report said.

The potential “malicious network intrusion” had caused outages for the company’s email systems and developer tools, the report said.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More

Source: Read Full Article