Nvidia confirms it’s investigating an ‘incident,’ reportedly a cyberattack

Nvidia is confirming to The Verge, Bloomberg, Reuters, and others that it’s investigating an “incident” — hours after The Telegraph reported that the graphics chipmaking giant had experienced a devastating cyberattack that “completely compromised” the company’s internal systems over...

Nvidia confirms it’s investigating an ‘incident,’ reportedly a cyberattack

Nvidia is confirming to The Verge, Bloomberg, Reuters, and others that it’s investigating an “incident” — hours after The Telegraph reported that the graphics chipmaking giant had experienced a devastating cyberattack that “completely compromised” the company’s internal systems over the past two days.

“We are investigating an incident. Our business and commercial activities continue uninterrupted. We are still working to evaluate the nature and scope of the event and don’t have any additional information to share at this time,” reads a statement via Nvidia spokesman Hector Marinez.

Even The Telegraph’s sources aren’t suggesting that Nvidia has necessarily had any data stolen or deleted, and there’s no current suggestion that the “incident” might be linked to Russia’s invasion of Ukraine, though cyberattacks have been part of the offensive, and internet infrastructure has also been a target there.

Bloomberg is now reporting it was a minor ransomware attack, citing a “person familiar with the incident.”

[ALERT] LAPSUS ransomware gang leaked the credentials of NVIDIA employees. And announced that it would soon release 1TB of stolen data. pic.twitter.com/0WVb7G88So

— DarkTracer : DarkWeb Criminal Intelligence (@darktracer_int) February 26, 2022

Early Saturday morning, the dark web intelligence firm DarkTracer tweeted that Lapsus$, a ransomware gang recently linked to an attack on Portugal’s largest TV channel, has claimed responsibility, leaking what it says are the password hashes for Nvidia employees, and indicating it has other data including source code and information related to RTX GPUs. Soufiane Tahiri posted a later message from the group to Twitter, where they claimed the company tried to delete their data in a virtual machine via the VPN and device management platform it uses. They apparently claim to still have a backup of the data that they are threatening to leak. There’s still no indication publicly that this is incident is tied to Russia’s invasion.

If a US-based company like Nvidia had been targeted, though, it could provoke retaliation from the United States. “If Russia pursues cyberattacks against our companies, our critical infrastructure, we’re prepared to respond,” President Biden said during his Thursday address.

While the alleged attack reportedly knocked out Nvidia’s email, we did receive Nvidia’s statement today from an Nvidia email address.

Nvidia also mysteriously asked press late Wednesday evening to push back a minor announcement that would have arrived on Thursday, without providing an explanation. That timing lines up with when The Telegraph reports that Nvidia’s systems were compromised.

Update, 5:47PM ET: Added that Bloomberg is now citing a source that the “incident” was a ransomware attack.

Update, February 26th, 6:37ET: Added information about Lapsus$ Group claiming to be responsible for the ransomware attack.