US chip giant Nvidia has claimed business activity has been unaffected by a cyber “incident” after earlier reports suggested IT systems were knocked offline for two days.
A report in The Telegraph late last week claimed that parts of the Santa Clara-headquartered firm’s business were “completely compromised” during the attack.
Separately, dark web intelligence experts posted screenshots indicating that the Lapsus ransomware group was responsible. They appear to reveal that the South American group already leaked password hashes for all Nvidia employees and that it had 1TB of stolen data in its possession.
However, a brief Nvidia statement played down the seriousness of the incident.
“We are investigating an incident. Our business and commercial activities continue uninterrupted. We are still working to evaluate the nature and scope of the event and don’t have any additional information to share at this time,” it stated.
A separate report from Bloomberg cited a “person familiar with the incident” who claimed the attack was relatively minor and not connected to any ongoing Russian state-backed cyber activity.
Separate claims suggest that the chip company had actually hit back at its attackers in an attempt to encrypt the stolen data. Screenshots from Lapsus brand the company as “criminals” because it turned the tables on the group to deploy ransomware on its servers.
“Access to Nvidia employee VPN requires the PC to be enrolled in mobile device management,” the group said. “With this they were able to connect to a VM we use. Yes, they encrypted the data. However, we have a backup and it’s safe from scum.”
Hacking back like this is not thought to be common practice among security teams, given the potential legal implications.
However, attitudes to it are softening in the industry. In a 2019 poll from Venafi, nearly three-quarters (72%) of respondents said that nation-states should be able to “hack back” when cyber-criminals target their infrastructure.
