Source: https://cobaltstrike.net/2022/02/28/530353-php/
The Vx-underground group, which publishes malware samples, reported on Twitter that the South American group LAPSUS$ is behind the alleged cyber-extortion attack on NVIDIA.
The attackers allegedly attacked NVIDIA’s internal servers and stole more than 1 TB of data. The company did not confirm this information and said only that it was investigating the alleged incident.
As SecurityLab previously reported, NVIDIA was the victim of an alleged ransomware attack.
But the most interesting part is yet to come. As it turned out, the company attacked the hackers in response, attempting to encrypt the stolen data, but the group had made a copy of the data on its virtual machine, and the measures taken by NVIDIA proved ineffective.
Apparently, the hackers gained access to the e-mail of the company’s employees, which explains NVIDIA’s problems with its mail system over the last two days. The group has also published the source code of NVIDIA drivers, but the true extent of the leak is still unclear.
Updated: NVIDIA managed to access and encrypt the data through its own VPN because an image of an NVIDIA virtual machine was used. In other words, the company did not hack the hackers; it gained access to the virtual machine image of one of its own systems and encrypted the data stored on it. Unfortunately for NVIDIA, LAPSUS$ had created backups of the virtual machine and the data.