Technology company NVIDIA has received a rather odd request from a group of hackers calling themselves Lapsus$. The organization is asking that the company make their graphics cards capable of mining faster. If NVIDIA does not comply, the hackers will release the over one TB of data they’ve allegedly stolen.
NVIDIA Has Gotten an Odd Request
Normally, hackers have much more malicious intent when they engage in taking over a network or system of some kind. Never was this more prominent in cases such as Mt. Gox or Coincheck, two Japan-based crypto exchanges that saw millions of dollars in bitcoin and other assorted cryptocurrencies disappear in 2014 and 2018, respectively. Overall, roughly $1 billion in crypto was taken from these firms by hackers that sought to simply make off with money they didn’t earn.
In addition, the Colonial Pipeline attack that occurred in early 2021 saw an entire team of hackers encrypt the item’s data in exchange for a bitcoin ransom. In cases such as these, the hackers seem to want money, and they go through great lengths to get it.
But in this case, the hackers are claiming to be of the “white hat” breed. In other words, they say they’re doing this as a means of helping the growing crypto mining industry. In a Telegram message, alleged Lapsus$ members say:
We decided to help the mining and gaming community. We want NVIDIA to push an update for all 30 series firmware that removes every LHR limitation. Otherwise, we will leak the HW folder. If they remove the LHR, we will forget about the HW folder (it’s a big folder). We both know LHR impacts mining and gaming.
LHR is an acronym for lite hash rate. This was a feature NVIDIA adopted last year to place limits on ETH mining. This way, more graphics cards could be available for their initial purposes.
Make the Graphics Cards Stronger!
The organization claims to have stolen data that pertains to approximately 71,000 separate employees of the NVIDIA enterprise. This information reportedly includes login credentials and email addresses. In response to the matter, NVIDIA has issued a public statement. It reads as follows:
On February 23, 2022, NVIDIA became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement. We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information. We do not anticipate any disruption to our business or our ability to serve our customers due to the incident.