Following a cyberattack that took Nvidia’s systems offline for two days last week, the hacking group behind the initial breach has now revealed it has allegedly gained access to over 1TB of data from the tech giant.
When the attack was originally reported on Friday, there wasn’t too much information provided beyond the fact that Nvidia was “investigating an incident.” However, over the weekend, there were some extremely interesting developments pertaining to the situation, which include purported retaliation by Nvidia.
Firstly, hacking group LAPSUS$ stated that the hack it carried out gave it access to Nvidia’s servers for about a week. As a result of this unprecedented access, it says it was able to extract 1TB of data, including schematics, drivers, firmware, and more.
“We also have documentation, private tools and SDKs, and everything about falcon [microprocessors for NVIDIA GPUs based on a custom architecture], we know what is valuable,” the South American group explained on Telegram.
According to VideoCardz, the group has released the first batch of the leak. The publication’s sources indicate that the “partial data included in the package appears to match the claims.”
One important piece of data the group claims it now has in its possession as a result of the hack is an LHR V2 bypass for GA102-GA104 GPUs. As reported by VideoCardz, that means LAPSUS$ located the main algorithm used to implement the cryptocurrency mining hash rate limiter that Nvidia applied to its RTX 30-series of graphics cards in 2021. LAPSUS$ says it is currently selling the LHR V2 bypass, but added that it hopes Nvidia removes it soon.
Most recently, a tool that was claimed to remove the mining limits imposed on various Nvidia GPUs was proven to be malware. But if these hackers’ assertion that they stole the algorithm behind the limiter is actually true, then a program to unlock full mining performance for some of the most popular video cards may very well materialize in the near future.
As detailed in its Telegram posts revealing the extent of the hack, the group said that in an effort to “help” the mining and gaming communities, it wants Nvidia to “push an update for all 30-series firmware that remove every LHR limitation.” If the company does not meet this specific demand, LAPSUS$ threatens to leak the “hw folder.”
Moreover, should Nvidia fail to contact the hackers, the group “will take actions.” While the exact motive behind the hack may potentially be related to extracting as much monetary value as it can, LAPSUS$ stresses the attack is not politically motivated, nor is it state-sponsored.
In an interesting turn of events over the weekend, Nvidia has seemingly fought back by, well, hacking the hackers. According to a tweet from vx-underground, as reported by Kitguru, Team Green “performed a hack back” and subsequently “ransomed [the group’s] machines.” A statement from the group further elaborated on Nvidia’s actions, apparently confirming that the firm encrypted its hard drives. However, LAPSUS$ asserts it was able to generate a backup containing the breached data.
LAPSUS$ commented on Nvidia’s alleged counterattack in another Telegram post. Access to the GPU and chip manufacturer’s VPN required the PC “to be enrolled in MDM (Mobile Device Management).” Because the hackers used this method to initially infiltrate Nvidia’s systems, the firm was “able to connect to a VM [virtual machine] we use.”
“Yes they successfully encrypted the data. However we have a backup,” it added.
Either way, it’s unheard of for a company of Nvidia’s size to initiate its own counterassault of this nature, regardless of whether it was in the form of a hack or not.
As for Nvidia’s acknowledgement of the purported exploits, it confirmed on Friday that it is “investigating an incident.” Beyond that admission, LAPSUS$ said the company “filed [an] abuse report.”
Elsewhere, as reported by Bloomberg, Nvidia said its “business and commercial activities continue uninterrupted. We are still working to evaluate the nature and scope of the event and don’t have any additional information to share at this time.” Additionally, a Bloomberg source familiar with the matter said the cyber breach “looks to be relatively minor and not fueled by geopolitical tensions.”
News of the cyberattack failed to negatively impact Nvidia’s stock prices. Instead, shares actually increased by 1.7% to $241.57 when the markets closed on Friday. That said, Bloomberg highlights how stocks for the chipmaker (with the company valued north of $600 billion) have been on a downward trend during 2022 thus far (by 18% to be exact).
The hack comes at a time when Nvidia’s proposed $66 billion acquisition of British chip designer ARM was officially canceled amid intense regulatory pressure from several governmental bodies.