LAPSUS$ attacks Nvidia
Incident Date:
June 25, 2022
Overview
Title
LAPSUS$ attacks Nvidia
Victim
Nvidia
Attacker
Lapsus
Location
First Reported
June 25, 2022
LAPSUS$ Ransomware Gang Attacks Nvidia
The LAPSUS$ ransomware gang has attacked Nvidia. According to a security bulletin released by the company on March 8th, 2022, "NVIDIA became aware of a cybersecurity incident which impacted IT resources." The GPU manufacturer reportedly hardened its network in response to the attack and notified law enforcement agencies.
LAPSUS$ Demands
LAPSUS$ claimed it was seeking the removal of the lite hast rate (LHR) limitations in all GeForce 30 series firmware to aid gamers and crypto miners. Nvidia LHR graphics cards detect when they're being used for Ethereum (ETH) cryptocurrency mining and automatically halve the hash rate.
Impact of the Attack
Impacted data included over 70k employee email addresses and NTLM password hashes, many of which were subsequently cracked and circulated within the hacking community.
History of LAPSUS$
LAPSUS$ first emerged in late 2021 with a ransomware attack against the Brazilian Ministry of Health but was thought to be inactive after a series of arrests of its core members in the spring of 2022 despite taking credit for attacks on Uber and Rockstar Games while members were incarcerated. LAPSUS$ did not operate as a RaaS. Considered inactive by April 2022 following multiple arrests; some believe they re-emerged in September 2022 with attacks against Uber and Rockstar Games that prompted more arrests.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.