[Security Weekly] NVIDIA Credentials and Proprietary Information Stolen by LAPSU$ Hacker Group


March 2022, Issue I


1. NVIDIA credentials and proprietary information stolen by LAPSU$ hacker group

NVIDIA was attacked on February 23 by the LAPSU$ hacker group, which claimed to have stolen 1 TB of employee login credentials and proprietary information from NVIDIA’s IT systems. So far, a sample set of nearly 20 GB has been leaked online.

NVIDIA claimed that its operations remained unaffected as no ransomware was deployed in its network. However, the stolen data appeared to contain highly sensitive information, ranging from internal documentation to private tools and software development kits. The South American hacker group threatened to release all stolen data if NVIDIA did not immediately lift all LHR limitations for its GeForce RTX 30 Series GPUs.

LHR (Lite Hash Rate) is a smart technology developed by NVIDIA to automatically limit the GPU’s performance when being used for cryptomining. LHR was developed in an effort to prevent cryptominers from buying its high-performance GPUs, which had caused continuous GPU shortages for high-end PC manufacturers and gamers.

Later reports said that NVIDIA launched a retaliatory attack against LAPSU$ by deploying ransomware on the group's servers, possibly as an attempt to prevent the hackers from leaking the stolen data. NVIDIA has not made any official statement about this attack.

Sources: ZDNet, Bleeping Computer, PC Gamer


2. Toyota shuts down all plants in Japan for 24 hours after supplier hit by cyberattack

Toyota halted all manufacturing activities at 28 production lines across 14 Japanese plants on March 1 due to a cyberattack at Kojima Industries, a crucial supplier of electronic components and plastic materials to the automaker.

Kojima Industries said that it first saw an error message from a file server on February 26. After reloading the server, it learned that the server had been compromised and that a “threat message” was left by the attacker. Although possibly a ransomware attack, the company did not make any further comments.

The attack happened right after Japan announced its decision to join the SWIFT sanctions against Russia and send $100 million in aid to Ukraine, prompting speculation that the attack might be a retaliatory measure by Russia. The Japanese government later warned all organizations to prepare for potential cyberattacks from Russia.

Toyota’s just-in-time (JIT) manufacturing makes it vulnerable to supply chain disruptions caused by cyberattacks. Even though most large corporations have advanced cybersecurity measures in place, smaller suppliers face a higher risk. Experts estimated a loss of 13,000 vehicles as a result of the 24-hour shutdown. 

Sources: Threatpost, Reuters, CNN, The Japan Times


3. Ukraine hit by second wave of DDoS and data wiper attacks, retaliates with data leak

Shortly after Ukrainian government agencies and state-owned banks were hit by a massive DDoS attack, on February 23, a second wave of attacks impacted the Ukrainian Defence Ministry and Armed Forces. Confirmed to be linked to Russia’s cyberforce, the attackers utilized multiple DDoS-as-a-Service platforms including Mirai.

At the same time, ESET disclosed on Twitter that hundreds of IT systems in Ukrainian organizations were infected with the novel HermeticWiper, which corrupts drivers of disk management software and destroys data. This is the second wiper attack Ukraine has suffered in a month; the first was WhisperGate in January, a wiper disguised as ransomware.

On March 3, Ukrainian newspaper Ukrayinska Pravda published what it claimed to be the personal information of 120,000 Russian soldiers deployed in the invasion, including names, registration numbers, and places of service.

Sources: Infosecurity, TechTarget, CSO Online


4. Logistics giant Expeditors halts global operations after cyberattack

Expeditors International, a Seattle-based logistics and freight forwarding giant, disclosed a massive cyberattack on February 20, which forced the company to shut down all IT systems across a network of more than 350 locations in over 100 countries.

Expeditors claimed that it could still manage to conduct limited operations, such as shipment handling and distribution for existing orders. Although the company did not comment on whether this was a ransomware attack, the scale of the shutdown suggests a high possibility of ransomware deployment.

Sources: ZDNet, Infosecurity, Bleeping Computer

