Claims that threat actors said hardware giant had ‘hacked back’ have surfaced


The Lapsus$ ransomware gang has allegedly claimed responsibility for a cyber-attack against graphics chipmaking giant Nvidia.

Breaking the story on Friday (February 25), The Telegraph reported that attackers had compromised Nvidia’s internal systems over the previous two days, causing outages of its developer tools and email systems.

The newspaper added that an insider had said parts of its email systems had started working normally by Friday.




Nvidia, which launched the world’s first graphics processing unit (GPU) in 1999, has intimated that the business has not been operationally disrupted.

“We are investigating an incident,” a spokesperson told The Daily Swig. “Our business and commercial activities continue uninterrupted. We are still working to evaluate the nature and scope of the event and don’t have any additional information to share at this time.”

There’s no evidence that the incident is connected to Russia’s ongoing invasion of Ukraine.

Lapsus$ claims

Bloomberg reported on Friday that the incident appeared to involve a “relatively minor” ransomware attack, according to sources.

Then on Saturday morning (February 26), dark web intel outfit DarkTracer tweeted screenshots that purportedly showed messages from Lapsus$ actors claiming they had leaked password hashes for Nvidia employees.

In the messages, the attackers also revealed plans to release 1TB of stolen data soon, potentially in five batches, if Nvidia didn’t pay up.




The next day, on Sunday (February 28), ‘infosec enthusiast’ Soufiane Tahiri posted additional screenshots supposedly showing Lapsus$ announcing the first data dump, comprising “source code and highly confidential/secret data”.

According to Emsisoft threat analyst Brett Callow, Lapsus$ claimed that Nvidia had “successfully hacked back”. Callow posted screenshots apparently showing the group explaining that the company had connected to the attackers’ virtual machine and encrypted its data.

However, security expert Marcus Hutchins responded: “To me this sounds a lot like LAPSUS$ installed Nvidia’s corporate agent on their own machine then triggered a data loss prevention policy, which they mistook for ransomware because they’re morons.”

Lapsus$ only announced itself at the turn of the year with attacks on Portuguese media conglomerate Impresa and various other targets.

