The data extortion group Lapsus$ has claimed to have stolen over 1TB of data from Nvidia, including everything from employee password hashes to detailed schematics of GPUs. Lapsus$ is threatening to publish the entire dataset unless Nvidia pays them a ransom demand.
Lapsus$ claims that they were in Nvidia’s network for about a week and were able to escalate to administrator level permissions quickly on several systems. This allowed them to grab a large quantity of data related to Nvidia’s GPUs, including schematics and designs, drivers, and firmware for the devices, as well as sensitive internal information such as documentation, SDKs, and private tools. Lapsus$ has stated that they will remove a specific hardware folder that contains highly detailed information about GPUs if Nvidia agrees to remove Lite Hash Rate, or LHR, for their graphics cards. LHR is a technology that Nvidia designed in specific graphics cards to reduce its ability to mine cryptocurrency. Nvidia created this technology to try to make their graphics cards less desirable to cryptocurrency miners, thus allowing those who play computer video games to obtain them more readily and at a cheaper cost.
Nvidia has stayed rather quiet on Lapsus$’s claims of data theft, stating only that they are investigating an incident. Lapsus$ has also claimed that Nvidia has hacked them back, gaining access to a VM they utilized to steal the data and encrypting it with ransomware. Lapsus$, however, has claimed that they created a backup of the data so they still have access to it.