Hackers Allegedly Get Hands on NVIDIA’s LHR Bypass, GPU Drivers, Firmware, etc, Threaten To Leak It Unless Demands Are Met
The hacker group, LAPSUS$, managed to access NVIDIA servers and tried to inflict ransom but they were allegedly hacked back by the company itself. NVIDIA also tried encrypting the stolen files but it looks like the hackers already made a backup of over 1 TB of files that they had exfiltrated. These files and the information contained with them including drivers, firmware, documentation, private tools, and SDKs could possibly be leaked by the hackers like they have said until their demands are met. The following series of tweets are from the Telegram group which the hackers have made and can be accessed by the public though we would want our readers to avoid taking part in such activities.
— CyberKnow (@Cyberknow20) February 28, 2022
— CyberKnow (@Cyberknow20) February 28, 2022
— ланук (@b3ard3dav3ng3r) February 28, 2022 According to the internal group messages over in Telegram, the group states that they are selling the full LHR V2 bypass for NVIDIA’s Ampere GA102 and GA104 GPUs. The GPUs power most of the NVIDIA GeForce RTX 30 series gaming graphics card lineup which was re-released in the LHR flavor to tackle miners. If leaked to the public, such a bypass could once again open up the doors for GPU miners to gobble up gaming graphics cards as they are often more valuable of an option compared to mining-specific cards such as the CMP series. One of the demands that the hackers are making is to remove the LHR limit once and for all from all GeForce RTX 30 series graphics cards. They say that this move is ’to help mining and gaming community’ and if NVIDIA does so, they will forget about the hardware folder which contains the bulk of data. In addition to this, the hacker group claims to have accessed information of all the employees working at NVIDIA and has published power hashes for people in the group to access.
They also leaked online what they claim to be password hashes for all Nvidia employees. BleepingComputer has not been able to independently verify the gang’s claims.https://t.co/XZEmlihfvx pic.twitter.com/oBKTf6Q3uJ — BleepingComputer (@BleepinComputer) February 26, 2022 This whole thing is quite absurd and we hope NVIDIA will be able to take care of this soon. Leaking employee information is a very serious offense and posting confidential software/hardware info is and can lead to damaging results for a specific company.