And this one is brand new.
NVIDIA had a significant cyber breach of 1 terabyte of data – and the hackers are extorting the company to allow NVIDIA’s graphics cards to mine cryptocurrencies faster or face the imminent release of the company’s crown-jewel source code. The Lapsus ransomware group has already published a collection of leaked files. It is also demanding a change to the Lite Hash Rate, which limits some cards’ usefulness for crypto mining, or they’ll release the company’s data.
The group has ALSO stolen Nvidia’s code signing certificates, which can sign malware and appear trustworthy and allow malicious drivers to be loaded into Windows. The group has started leaking data after NVIDIA refused to negotiate with them.
This particular group is very active – they’ve also leaked a collection of data they claim to be from Samsung, including significant code across several categories of devices.
Why do we care?
And here it comes together with the extortion data. These are particularly egregious examples… but that should make them exactly the ones to highlight. Hackers are leveraging these companies’ assets entirely against them. These brutal examples are real. I may not like the security tax, but I’ll also note I pay it. This is not a space to go cheap on, because the consequences are now very targeted.