Earlier this week, Lapsus$ claimed responsibility for leaking the source code for DLSS and information about six alleged unannounced GPUs. Along with the demand to remove the 30-series mining limiter, the digital ransom note requires Nvidia to make its RTX GPU drivers open source.
A South American hacker group claimed to have had access to Nvidia servers for over a week and managed to steal at least 1TB of data during a ransomware attack. Nvidia confirmed PC Mag that “an attacker took employee credentials and some sensitive Nvidia information from our systems and started leaking them to the network.”
Today’s employee credential leak includes employee email addresses and NTLM password hashes, which, according to I was deceived already “being hacked and distributed in the hacker community”. This appears to include former and current employees as Nvidia had 18,100 employees as of October 2020.
On Tuesday, Lapsus$ changed its requirements and said that Nvidia has until Friday, March 4, to make all current and future GPU drivers open source. If Nvidia doesn’t comply, the group is threatening to reveal silicon chip files and what it calls “highly guarded trade secrets of graphics and computer chipsets” in a public Telegram message group.
The “choice” the hackers are offering to Nvidia reads like a note that someone like Kite or Seasoning King will leave on the computer screen of the mayor of Gotham City. As of this writing, Nvidia does not appear to have complied with Lapsus$’s requirements. Nvidia told PC Gamer in a Feb. 28 statement that the incident is under investigation and “commercial activity continues uninterrupted.” We’ve reached out to Nvidia again for comment on today’s leak and will update when we hear back.