Nvidia, the world’s largest graphics chipmaker, has announced that a cybersecurity breach it has been investigating for about a week has resulted in the theft of company data. The Lapsus$ ransomware gang has claimed responsibility for the cyber-attack on Nvidia.
According to reports, the attack, which is still being investigated, knocked out the company’s email systems and developer tools, but it’s unknown if other aspects of the company’s operations were similarly impacted. It’s also unclear whether the incident puts any of Nvidia’s partners at risk.
According to The Telegraph, the uninvited entry “totally compromised” the company’s internal systems, but elements of its email service had resumed operating as of Friday, the 25th February. The terrible situation was confirmed by an Nvidia spokesman, although few specifics were provided. “We’re looking into an issue.” “At this moment, we don’t have any other information to share,” the representative stated. It’s unknown whether any data was stolen from Nvidia’s systems, or how much damage was done. According to sources, the corporation has not yet identified the attacker, the Telegraph says that the company has not informed any of its partners about the incursion. However, because Nvidia has so many partners, it’s unlikely that the article will be accepted.
Given the date of the attack, it’s fair to wonder if it’s connected to Russia’s recent action in Ukraine, given that the cyber strike started around the same time as the Russian incursion. Following the announcement of massive sanctions against Russia in retaliation for its acts, it’s plausible that hackers sympathetic to Russian interests may be launching a counter-attack, and a large and prominent firm like Nvidia would undoubtedly be a tempting target. However, Secretary of Homeland Security Alejandro Mayorkas stated a few days ago that the US is unaware of any particular and credible threats aimed at US corporations at this time, but that companies should be prepared just in case. It’s also possible that a country or organisation with no direct ties to the Ukraine/Russia conflict has decided to intervene now.
The impact of the attack was serious enough, according to Wccftech, that Nvidia had to take many of its internal systems offline to avoid further incursions or the propagation of malware throughout its network. This attack on Nvidia is similar to the 2017 Solar Winds incident, in which hackers compromised the company’s software update process, allowing malware to spread to clients, including several US government institutions.