NVIDIA has shared an update about the cyberattack it suffered last week. It turns out that the incident exposed NVIDIA staff credentials to attackers that was later leaked online.
NVIDIA Cyberattack Update
Recently, NVIDIA admitted suffering a cybersecurity incident and has now shared more details in the latest update.
According to their statements to the media, the incident happened on February 23, 2022, affecting the firm’s IT resources. It seems this impact resulted in its services going down for some time, as numerous users observed. NVIDIA didn’t admit any impact on its operations at the time.
However in the latest statements from an NVIDIA spokesperson, the firm confirms that the incident did affect its systems, following which, they started an investigation.
Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.
Moreover, NVIDIA also confirmed a breach of employee credentials and admitted that the attacker has started dumping them online.
We are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information.
However, despite admitting the breach, the firm has denied any ransomware involvement in the incident. Also, it has ruled out any possibility of the attack to have happened in the wake of the ongoing Ukraine-Russia conflict.
We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict.
Nonetheless, the partial acceptance of the data leak happening online resonates with LAPSUS$ ransomware group’s claims about attacking NVIDIA.
The threat actors not only boasted the successful data theft but also called NVIDIA “criminal” as the latter tried to hack them back.
It currently remains unclear if NVIDIA was also infected with ransomware during the attack.