LAPSUS$ attacks Nvidia

Incident Date:

June 25, 2022

World map

Overview

Title

LAPSUS$ attacks Nvidia

Victim

Nvidia

Attacker

Lapsus

Location

Santa Clara, USA

CA, USA

First Reported

June 25, 2022

LAPSUS$ Ransomware Gang Attacks Nvidia

The LAPSUS$ ransomware gang has attacked Nvidia. According to a security bulletin released by the company on March 8th, 2022, "NVIDIA became aware of a cybersecurity incident which impacted IT resources." The GPU manufacturer reportedly hardened its network in response to the attack and notified law enforcement agencies.

LAPSUS$ Demands

LAPSUS$ claimed it was seeking the removal of the lite hast rate (LHR) limitations in all GeForce 30 series firmware to aid gamers and crypto miners. Nvidia LHR graphics cards detect when they're being used for Ethereum (ETH) cryptocurrency mining and automatically halve the hash rate.

Impact of the Attack

Impacted data included over 70k employee email addresses and NTLM password hashes, many of which were subsequently cracked and circulated within the hacking community.

History of LAPSUS$

LAPSUS$ first emerged in late 2021 with a ransomware attack against the Brazilian Ministry of Health but was thought to be inactive after a series of arrests of its core members in the spring of 2022 despite taking credit for attacks on Uber and Rockstar Games while members were incarcerated. LAPSUS$ did not operate as a RaaS. Considered inactive by April 2022 following multiple arrests; some believe they re-emerged in September 2022 with attacks against Uber and Rockstar Games that prompted more arrests.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.