U.S. chipmaker NVIDIA announced on Tuesday that a cyber intrusion on the company’s network had exposed sensitive material, including source code supposedly related to its Deep Learning Super Sampling (DLSS) technology.
In a security advisory, NVIDIA stated that it had no indication that ransomware had been installed on the NVIDIA environment or that the attack was tied to the conflict between Russia and Ukraine. However, the company came to know that a hacker has stolen employee credentials and NVIDIA sensitive information from their systems and is distributing it online.
There are also password hashes and email addresses for 71,335 of the company’s workers involved in this heist, according to what the data breach notification service, Have I Been Pwned, has disclosed.
According to the organization, the issue was discovered on February 23rd. NVIDIA has taken steps to investigate the leaked information and has advised all of its workers to change their passwords immediately.
In a development, the attackers claimed that NVIDIA has hacked back and encrypted the stolen data with ransomware and that the contents were restored from a backup.
Following that, the invaders altered their demands and demanded that NVIDIA release a software update that would remove the Lite Hash Rate (LHR) feature from their graphics cards. The main purpose of the LHR technology is to decrease Ethereum mining efficiency and prevent cryptocurrency miners from purchasing gaming-oriented GPUs.
According to a message in their Telegram channel, the cybercriminals said that NVIDIA’s GPU drivers for Windows, macOS, and Linux should be entirely open-source (and distributed under a FOSS license) from now on and forever. They also threatened with future leaks and offered an LHR bypass tool for $1 million.
NVIDIA, on the other hand, has been unfazed by the developments. The company claimed in a statement that the event will not have an impact on its operations or capacity to service its clients.
Confirmation of the attack comes just a few days after The Telegraph reported that the corporation is investigating a possible cyberattack that has shut down parts of its operations for two days. Sources have been attributing the incident to a mild ransomware attack.
The extortionist group LAPSUS has claimed responsibility for the disclosure of what it claims to be stolen sensitive information until a “fine” is paid. This group was also behind the attacks on Impresa, Localiza, Claro, and Embratel earlier this year.