Hackers that broke into Nvidia’s network disclosed a stockpile of stolen data, including genuine code-signing certificates presently being exploited in the wild. Several security experts have obtained instances of suspicious software payloads that leverage at least two of Nvidia’s digital certificates, according to reports. In a tweet on Friday, threat expert Mehmet Ergene detected many malicious files signed with one of the Nvidia certificates.
The certificates were purportedly provided as a current data payload by criminal hackers linked to the Lapsus$ ransomware group. The organisation claimed to have gained access to Nvidia’s business network and a large internal data cache.
Even though one of the security certificates is old, dating back to 2014, it is still valid for Windows systems. As a result, attackers can utilise the certificate to make their malware payloads appear legitimate AMD software updates.
Nvidia has yet to reply to a request for comment on the certificates’ publication. Although researchers have released Yara rules that administrators may employ to detect and stop malicious downloads, many end users may still be vulnerable to malware payloads masquerading as Nvidia graphics card firmware or software upgrades.
That escalated quickly #Lapsus
— Florian Roth ⚡️ (@cyb3rops) March 3, 2022
#Nvidia #LeakedCertificate
Mimikatzhttps://t.co/TrY6vL2mEE
KDUhttps://t.co/RDf6bnuArk pic.twitter.com/Jl4tpS5KEr
“On February 23, 2022, NVIDIA became aware of a cybersecurity incident which impacted IT resources,” Nvidia said in a statement earlier this week. “Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.”
Hackers are using Stolen Nvidia certificates to authenticate malware
Nvidia has stated that the network intrusion had no impact on its day-to-day operations and did not expect it to alter. Meanwhile, the Lapsus$ hackers have threatened to expose more Nvidia material, including technical insights about future GPU designs and graphics card platforms.
The group’s primary demand is that Nvidia releases its graphics card drivers as open-source projects, which would allow developers to optimise the hardware better and add new features.
The hacker group specifically requests that Nvidia eliminate its Lite Hash Rate (LHR) limits, limiting GPUs’ ability to compute the equations required to mine cryptocurrencies. Nvidia used LHR to reduce the gaming sector’s mining purchases of graphics cards, which resulted in a vast product shortage.
Also Read:
NVIDIA hackers have now targeted Samsung in their latest heist
