The data extortion group Lapsus$ has claimed to have stolen over 1TB of data from Nvidia, including everything from employee password hashes to detailed schematics of GPUs. Lapsus$ is threatening to publish the entire dataset unless Nvidia pays a ransom.
Lapsus$ claims that they were in Nvidia’s network for about a week and were able to escalate to administrator-level permissions quickly on several systems. This allowed them to grab a large quantity of data related to Nvidia’s GPUs, including schematics and designs, drivers, and firmware for the devices, as well as sensitive internal information such as documentation, SDKs, and private tools. Lapsus$ has stated that they will remove a specific hardware folder that contains highly detailed information about GPUs if Nvidia agrees to remove Lite Hash Rate, or LHR, from their graphics cards. LHR is a technology that Nvidia built into specific graphics cards to reduce their ability to mine cryptocurrency. Nvidia created this technology to try to make their graphics cards less desirable to cryptocurrency miners, thus allowing those who play computer video games to obtain them more readily and at a lower cost.
Nvidia has stayed rather quiet on Lapsus$’s claims of data theft, stating only that they are investigating an incident. Lapsus$ has also claimed that Nvidia has hacked them back, gaining access to a VM they utilized to steal the data and encrypting it with ransomware. Lapsus$, however, has claimed that they created a backup of the data so they still have access to it.
Data theft and extortion have become increasingly popular tactics of threat actors recently, including during ransomware attacks. The theft of sensitive data and the threat of releasing it to the public put more pressure on companies to pay the threat actor’s ransom demand in order to prevent proprietary secrets or tradecraft from being publicly known. Preventing an attacker from exfiltrating sensitive data from a network requires properly implemented and maintained security controls in all areas of the environment, both internal and external. Alongside preventative controls, logging and monitoring controls need to be in place as well. These will help uncover techniques used by threat actors that may be able to bypass preventative measures but are still abnormal enough to be easily detected and alerted upon. Binary Defense’s Managed Detection and Response service is an excellent asset to assist with these types of detection needs.