Nvidia has spent the last few days investigating whether its systems have been hacked and confirmed that it had data stolen from their servers. Claiming the attack is a group called Lapsu$ Group. Hackers demand that Nvidia open source their video card drivers.
The incident began to be investigated on February 23, when Nvidia became aware of the issue. The extent of the attack is still unknown, but the company confirmed that employee data and confidential proprietary information was captured. About 20 GB of stolen data would have already leaked onto the internet.
In the note on the matter, Nvidia does not mention Lapsu$ Group. The name only came to light when the group itself took over the attack on a Telegram channel. They claim that 1TB of “highly confidential/secret” data was captured, including proprietary codes.
Among these codes would be the hash rate limiter code that reduces the performance of RTX 3000 video cards when mining Ethereum.
Lapsu$ wants Nvidia to open source code
There is no confirmation, but everything indicates that the attack against Nvidia was carried out through ransomware. But contrary to what is common with this type of malware, Lapsu$ Group would not be interested in money, at least not right away.
On Telegram, the group demanded that Nvidia make its video card drivers for Windows, macOS and Linux “fully open” by March 4.
If the demand is not met, the group threatens to leak confidential data from the company’s graphics chips, including the GeForce RTX 3090 Ti model (not yet officially released) and the company’s next generation of GPUs (the RTX 4000 series, presumably).
Initially, the group had only demanded that Nvidia unlock the Ethereum mining limit on RTX 3000 cards. The new demand came after the group offered, for $1 million, a tool capable of disabling the limiter.
If such a tool exists (and works), it is possible that it was based on the corresponding source code obtained by Lapsu$. In any case, it is unlikely that anyone would pay such a high amount for this feature.
The attack is reported to have affected Nvidia’s email services and developer tools for two days, but in its statement, the company says it “does not anticipate any disruption to our business or our ability to serve customers.”
The attack remains under investigation.