Last week, Nvidia said that it was investigating an “incident” within the company but now the hardware maker has confirmed a cyber attack. Nvidia became aware of the breach on February 23 but it does not expect any disruption to its customer services.
The hackers behind the security breach are leaking employee credentials and the company’s proprietary information onto the internet. The hacking group called Lapsus$ has claimed responsibility for the attack. They are threatening to leak more sensitive information if Nvidia does not make its drivers open-source.
At first, the hackers only demanded Nvidia to remove the crypto mining limitations on its GPUs. The demand for open-source drivers was only added recently.
This sensitive information is going to include silicon, graphics, and computer chipset files for all recent Nvidia GPUs, including the upcoming Nvidia RTX 3090 Ti. Apparently, this information includes Nvidia’s closely guarded trade secrets for graphics and computer chipsets.
The hackers have given Nvidia until Friday to decide. They claim to have up to a terabyte of data from Nvidia and the hardware folder alone is reportedly 250GB.
Nvidia has not agreed to these demands yet but is working on improving its security, has notified law enforcement, and is working with cybersecurity experts to respond to the attack.
At first, there was speculation that the ransomware attack is linked to the conflict between Russia and Ukraine, but Nvidia says that there is no evidence pointing to it.
