Rumor mill: Several online security groups are reporting that the South American hacker group Lapsus$ is claiming to have been behind the recent cyberattack on Nvidia. It’s also claiming that Nvidia hacked them in return, encrypted the stolen data, and ransomed back their machines. For now, this is just hearsay, but makes for a great turning-the-tables story.
Nvidia told the Telegraph on Friday that it was investigating a security incident, which the Telegraph believes involved Nvidia’s internal systems being “completely compromised.” Official sources haven’t said more.
Yesterday, Lapsus$ claimed to have stolen 1 TB of data from Nvidia and were threatening to leak Nvidia employees’ passwords and security details. It had some screenshots to support its claims, but they weren’t conclusive; the group may or may not have had that data.
Shortly afterward, Lapsus$ said that Nvidia hacked it in return. The group supposedly left one of its virtual machines enrolled in Nvidia’s mobile device management program, which gave Nvidia a backdoor into its systems. Nvidia remotely encrypted the stolen data and cut off Lapsus$’s access to Nvidia’s network, but the hackers claim to have made a copy of the data.
LAPSU$ extortion group, a group operating out of South America, claim to have breached NVIDIA and exfiltrated over 1TB of proprietary data.
LAPSU$ claims NVIDIA performed a hack back and states NVIDIA has successfully ransomed their machines
— vx-underground (@vxunderground) February 26, 2022
In early December, Lapsus$ also took responsibility for a hack on Brazil’s health ministry that involved national immunization program data being deleted and possibly stolen. Lapsus$ said it would return the data for a fee, but the Brazilian government claims not to have paid and instead recovered the data and rebuilt its systems independently a month later.
This time, Lapsus$ hasn’t demonstrated a coherent strategy. Initially, it said that it would hold the data ransom. Then, the group insulted Nvidia and used the company’s political stance to justify the attack. Now, the hackers are saying they’re offended that Nvidia would hack them back and are leaking the data in retaliation.
Some sources say that Lapsus$ has leaked Nvidia employees’ security details on Telegram, but that’s yet to be verified. While not confirmed, it seems like Nvidia has had more than enough time to update its employees’ security details and make the leaked data useless.
Lapsus$ also claims to have proprietary information about Nvidia GPUs, but that data should be legally protected if related to their functionality. At this point, Lapsus$ seems to be struggling to convince Nvidia that they have enough leverage to justify a ransom.
Image credit: Kaur Kristjan