Source: Schrödinger's metacosm, fast technology, etc
Author: Today Thursday
Internet of Things think tank collation and release
Guide
Recently, the international chip design giant NVIDIA encountered a troublesome thing, specifically it is quite diaphragm...
Recently, the international chip design giant NVIDIA has encountered a troublesome thing, and it is likely that it has evolved into a "TV series". When everyone focused on Russia, which was attacked by hackers from other countries, NVIDIA was also "patronized" by hackers.
If it is an ordinary individual or enterprise, if it encounters cyber hacker blackmail, it may either consider itself unlucky or may break the bank and eliminate the disaster. But who is NVIDIA? Who is Lao Huang?
When NVIDIA was first attacked by hackers, Lao Huang, who was "not much to say", directly ignored the requirements put forward by the other party, and his backhand invaded the hacker's system, like a big slap in the face of the other party.
However, although this move is very relieving, the next hacker operation seems to be beyond Nvidia's expectations...
LAPSU$: We hacked Nvidia, and it hacked us
Vx-underground, a website that specializes in collecting malware samples, was hit by a cyber ransomware attack last week, which even led to an outage of email and developer tools. The attack was carried out by an emerging cyber ransomware group from South America called LAPSU$.
While an Nvidia spokesperson claimed in its initial investigation that Nvidia was following up on the attack that "affected some systems and has caused downtime," the ransomware group has triumphantly and openly announced on social platforms:
"We have successfully broken through NVIDIA's network firewall and stolen nearly 1TB of data!!!"
To prove the authenticity of the attack, the ransomware group first published the password hashes of some Nvidia employees logging into the internal network, and claimed that data about RTX GPUs would soon be leaked.
Many media outlets have also reported on the matter, but the statements are not the same. The Daily Telegraph said in harsh terms that the company was undergoing a devastating cyberattack with internal systems completely destroyed, while Bloomberg reported that sources with knowledge of the incident said it was just a small ransomware attack.
Of course, no matter what the situation is, NVIDIA obviously did not sit still and obediently obey. The ransomware group later said Nvidia fought back, encrypting the data they stole.
The ransomware organization uses virtual machines to connect to NVIDIA's internal network through a VPN used by employees, which requires employees to register on MDM (Mobile Device Management) to connect to a VPN. Therefore, the ransomware organization believes that Nvidia discovered the virtual machine it used through reverse tracing and encrypted it, cutting off the attacker's access to Nvidia's internal network.
However, some security researchers believe that it may be that the attacker triggered the DLP (Date Loss Prevention) policy installed in Nvidia's internal program to cause the deletion of the data, and the ransomware organization misinterpreted it as Nvidia's counterattack.
What's more interesting is that the ransomware organization also staged a bitter love drama on social media.
"Look at it!!! Nvidia this criminal !!!!!!!!! (How excited do you have to use 9 exclamation points in a row?) )
A few days ago we launched an attack on NVIDIA, stealing 1TB of classified data!!!!!!
Today we woke up to find that Nvidia had attacked our machine with ransomware...
Fortunately, we've made a backup of our data.
But why do TMDs think they can connect to our private host and install ransomware!!!!!!!!!!! ”
emmmmmm......
Look at the angry tone, the extortion organization seems to really think of itself as a victim.... Ridiculous and infuriating!
However, since the blackmail has reached the head of Nvidia, the blackmail organization is not a good one. LAPSU$ said Nvidia may have thought it would be possible to control the impact without paying a ransom, but they have actually left a trailing hand and the stolen data has been copied.
Nvidia: It was hacked, but it was fine
After the incident, although Nvidia has said that the hack did not interfere with its normal business, the ransomware organization has leaked a large compressed document of nearly 20GB, and the compressed package has been extracted to up to 75GB of data, containing more than 400,000 files, most of which are considered highly confidential source code.
At present, in a large number of confidential documents that have been released, the codename of the NVIDIA Ada/Hopper/Blackwell architecture can be seen, and even the DLSS source code. The leaked version is DLSS 2.2, and the leaked information includes the C++ files, headers, and other files that make up DLSS, as well as a "programming guide" document to help developers quickly understand the code and build it correctly.
The technology is a pioneering artificial intelligence (AI) rendering technique that harnesses the power of deep learning neural networks to increase frame rates and produce beautifully sharp images for games.
In addition, according to the hackers, the data they obtained also included NVIDIA's product design blueprints, drivers, firmware, documentation, tools, SDK development kits, etc., which also had everything about Falcon.
Falcon is a special microcontroller architecture in all of NVIDIA's graphics cards, with applications across a wide range of functions, from program security to storage replication to video decoding.
It can be seen that if it is really all leaked, if not a devastating blow, it can also seriously hurt NVIDIA's vitality.
On March 1, LAPSU$ issued another presidential note, asking Nvidia to drive all windows, MacOS, and Linux versions of published and future graphics cards, and permanently open source them under the FOSS project agreement. If this is not done before this Friday, all NVIDIA has released product specifications, drawings, computing technology, etc. for all graphics cards, including the RTX 3090 Ti that has not yet been officially released, and future plans.
At present, NVIDIA has also issued the latest statement and officially confirmed the matter. NVIDIA acknowledged that it detected a "cybersecurity incident affecting IT resources" on February 23, 2022, and has further strengthened cybersecurity by hiring cybersecurity incident response experts and notifying relevant law enforcement authorities.
Nvidia also said there is no evidence that ransomware was deployed in Nvidia's server environment or was linked to the recent Russian-Ukrainian conflict. However, it is worth noting that Nvidia confirmed that the ransomware organization obtained Nvidia's employee credentials and some proprietary information, which is equivalent to confirming that LAPSU$ is not false.
The specific statement is as follows:
On February 23, 2022, Nvidia was informed of a cybersecurity incident affecting IT resources. Soon after we identified the problem, we further strengthened the network, hired cybersecurity incident response experts, and promptly escalated the incident to law enforcement.
There is currently no evidence that ransomware was deployed in the NVIDIA environment or that the incident was linked to the Russian-Ukrainian conflict. However, we found that malicious attackers obtained employee credentials and some proprietary information from our systems and began to leak this information online. Our team is working hard to analyze the content of the information and does not expect any disruption to our day-to-day business or customer service functions.
Security is an ongoing process, and NVIDIA has always attached great importance to security issues and will continue to invest in improving the quality and protection of code and products.
LAPSU$: No rush, let the bullets fly for a while
Looking at Nvidia's indifference, earlier today, the ransomware group struck again, and will sell LHR technology source code for a minimum price of $1 million, which can be used to crack the mining limits of RTX 30 graphics cards.
It is understood that NVIDIA's LHR technology can make the mining performance of RTX 30 series graphics cards, especially the ETH Ethereum computing power reduced by 50%, if there is an LHR source code, theoretically, the RTX 30 LHR graphics card computing power can be restored to full blood.
For miners who want to mine, it still sounds tempting. However, the recent business may not be as smooth as expected.
Because of the impact of international relations, the price of ETH has recently fluctuated, even if it costs $1 million to buy a source code to crack the graphics card limit, it is estimated that it will be difficult to return the cost before ETH 2.0.
Regardless of what, the story is far from the end, in the end is NVIDIA bowing its head and admitting it? Or will this blackmail organization be put to the end of the pot? And continue to pay attention ~
Resources:
1. "King's Peak Showdown!" Hackers hacked to Nvidia's head, and the old yellow backhand is a slap", Schrödinger's metacosm
2. "Rumors that hackers leaked NVIDIA 75GB of confidential documents, including DLSS source code!" 》,SegmentFault
3. "Extortion after the theft of NVIDIA's 1TB internal sensitive data: active counterattack failed", Internet security internal reference
4. "Hackers sell NVIDIA LHR source code RTX 30 graphics card mining can be full of blood" for $1 million, Fast Technology