"US microchip powerhouse Nvidia hit by cyber attack Parts of its business are 'completely compromised'... America’s biggest microchip company is investigating a potential cyber attack that has taken parts of its business offline for two days..." [Paywall] https://www.telegraph.co.uk/business/2022/02/25/us-microchip-powerhouse-nvidia-hit-cyber-attack/
"Nvidia hit by potential cyberattack. Nvidia has been hit by a potential cyber attack that has impacted the company's email systems and developer tools. The suspected hack, from an unidentified attacker, has 'completely compromised' the company's internal systems, though... some of its email services were operational on Friday..." https://seekingalpha.com/news/3806126-nvidia-hit-by-potential-cyberattack-report
One source says it was a "minor ransomware attack." (cr. Bloomberg). I wonder if this was a targeted attack.
"Leaked stolen Nvidia cert can sign Windows malware... An Nvidia code-signing certificate was among the mountain of files stolen and leaked online by criminals who ransacked the GPU giant's internal systems. At least two binaries not developed by Nvidia, but signed this week with its stolen cert, making them appear to be Nvidia programs, have appeared in malware sample database VirusTotal..." https://www.theregister.com/2022/03/05/nvidia_stolen_certificate/
Yes, of course it was a targeted attack. But do not forget, it's not always Windows that is the main entry point; it's often software like Citrix, MS Exchange, Pulse VPN and even Linux servers getting hacked. I've read that Linux is getting attacked with ransomware more and more. https://www.zdnet.com/article/this-sneaky-ransomware-is-now-targeting-linux-servers-too/ https://www.wilderssecurity.com/thr...ing-linux-servers-for-almost-a-decade.427703/
Getting crazier all the time. I read yesterday that the same group that hacked NV also hacked Samsung and stole its source code. Further, NV's stolen certificate can now be used to sign malware, it seems, reading hawki's post above. My two "favorite" tech corporations--hacked!!
Configuring your EDR tooling to notify on the compromised certs is going to be noisy and require a huge amount of tuning... thoughts? https://www.bleepingcomputer.com/ne...sing-stolen-nvidia-code-signing-certificates/
Yes, correct, they also hacked Samsung and it seems to be quite a serious hack. Seems like these companies need to take security a bit more seriously. On the other hand, I would like to know a bit more about their defense tools: were they simply bypassed, or perhaps they were not configured the right way?