Nvidia/Samsung were attacked one after another, and confidential information was leaked, involving RTX 40 series graphics cards and Qualcomm source code

Released on: Mar 8, 2022

Not long ago, the South American hacker group Lapsus$ also turned its attention to the international GPU leader Nvidia. It is reported that the email addresses and NTLM password hashes of former Nvidia employees and about 20,000 current employees, as well as sensitive data related to Nvidia GPUs, were obtained by the hackers.

Lapsus$ lurks at Nvidia for a week

On February 26, local time, sources told the media that chip maker Nvidia had encountered a cybersecurity incident, with its developer tools and email systems suffering major outages. Nvidia subsequently said in a statement to ISMG, "We are investigating an incident and are working to assess the nature and scope of the incident, but our business and commercial activities will not be suspended."

On February 28, local time, media further reported that Nvidia had been hacked, and pointed out that some of Nvidia's operations were interrupted for at least two days because of the attack.

Later, Nvidia officially responded, "Please rest assured that all the company's business is normal at present. We counterattacked and hacked the other party's host in time, and Nvidia was not affected in any way."

However, a user posted on Twitter that the South American ransomware group Lapsus$ had claimed responsibility for the incident and claimed to have taken more than 1TB of proprietary data. The group said the attack had not actually been launched on the 26th: they had been lurking inside Nvidia's systems for the past week and had obtained about 1TB of Nvidia's top-secret data, including design data for the RTX 40 series graphics cards, which technology enthusiasts have been awaiting since 2021 but which have not yet been released.

According to Lapsus$, on February 27, while the two sides were engaged in a tug of war, Nvidia took the initiative to wipe the data on the server, which provoked the group into deciding to leak some highly confidential data, including Nvidia GPU drivers and the source code of its mining-limiting software. During this process the group also said, "If Nvidia contacts us via email and pays, we will ensure that the data will not be leaked." Judging from developments so far, however, Nvidia has given the threat the cold shoulder.

Some people in the industry replied under the relevant Twitter posts that the data leaked by Lapsus$ allows a rough deduction of key specifications of some Nvidia RTX 40 series graphics cards, and confirms the existence of the Ada, Hopper and Blackwell GPU architectures.

On March 1, local time, Lapsus$ also demanded that Nvidia permanently open-source all of its Windows, macOS, Linux and other drivers for released and future graphics cards under a free and open-source (FOSS) license. This is reportedly intended to remove the cryptocurrency-mining limitations of Nvidia GPUs such as the RTX 30 series graphics cards. If Nvidia does not comply, Lapsus$ will disclose Nvidia employee email addresses and NTLM password hashes, as well as high-level profiles of all released and unreleased Nvidia GPUs, including the RTX 3090 Ti.

Lapsus$ threat statement (image)

However, on March 2, local time, Nvidia officially responded to the threat and to the industry's concerns. "The company has hardened its network, hired cybersecurity incident response experts, and notified law enforcement, and the incident is not expected to cause any disruption to the company's business or its ability to serve customers," Nvidia said.

In response, Lapsus$ released more than 70,000 employee email addresses and NTLM password hashes to the hacker community.

However, the information the industry is more concerned about, namely further details of the Nvidia RTX 40 series GPUs and the other top-secret material in the 1TB of data, has not appeared.

At present, the standoff between Nvidia and Lapsus$ is still ongoing. Of course, only Nvidia itself knows how much data is in the hackers' hands and what impact this leak will have.

In any case, Nvidia will certainly not do anything that damages its RTX 40 series graphics card products, and everyone knows how important this series is to Nvidia. According to the fiscal 2022 results previously released by Nvidia, net profit was US$97.75, equivalent to RMB 61.9 billion, double the previous year's net profit. Nvidia was able to deliver such dazzling figures because of the strong momentum of the RTX 30 series graphics cards.

With the 8nm Ampere GPU architecture and second-generation ray tracing technology, the RTX 30 series graphics cards deliver stronger gaming performance, and ray-traced games are more playable. In March last year, Nvidia CFO Colette Kress revealed that in the first quarter of RTX 30 series availability, sales increased by 40% over the previous quarter.

Lapsus$ is said to have obtained the design blueprints, drivers, firmware, various confidential documents and SDK development kits for the RTX 40 series graphics cards.

Samsung also takes a hit

However, while everyone was waiting for Nvidia and Lapsus$ to wrestle, Samsung suddenly appeared in the spotlight. According to reports, some of Samsung's confidential data was leaked in an alleged cyber attack, which was launched by Lapsus$.

On Friday, local time, Lapsus$ uploaded a large amount of data to the hacker community, saying that the data came from a smartphone manufacturer.

Later, Lapsus$ confirmed that they had successfully hacked Samsung's servers and posted nearly 190GB of sensitive data online, including the original source code of the company's apps and data related to various projects, as follows:

- Source code of every trusted applet (TA) installed in the Samsung TrustZone environment and used for sensitive operations (e.g. hardware cryptography, binary encryption, access control)
- Algorithms for all biometric unlock operations
- Bootloader source code for all of the latest Samsung devices
- Confidential source code from Qualcomm
- Source code for Samsung's activation servers
- Complete source code for the technology used to authorize and authenticate Samsung accounts, including APIs and services

According to reports, the 190GB of sensitive data was split into three compressed files for download via a peer-to-peer network. Lapsus$ said additional servers would be deployed to help peers make the most of their download speeds. According to statistics, hundreds of people have obtained the data so far.

Screenshot of the data package being transmitted over the Internet (image)

At this critical juncture, this security incident is expected to deal a heavy blow to Samsung. Samsung has long hoped to overtake TSMC in the foundry business and has invested heavily in it. In advanced manufacturing processes, Qualcomm is an important Samsung customer, and many of its high-end flagship chips are manufactured by Samsung. According to Qualcomm CEO Cristiano Amon, Samsung is currently the only foundry for the Snapdragon 8 Gen 1 chip.

However, seeing the MediaTek Dimensity 1000, 1200 and Dimensity 9000, built on TSMC's process technology, approaching the high-end market, Qualcomm will surely have doubts about its future cooperation with Samsung.

Surprisingly, Lapsus$ did not demand a ransom or the open-sourcing of core designs from Samsung, as it did with Nvidia. So far it has made no demands at all, but has simply distributed the obtained data.

Samsung executives said the company was assessing the specific impact of the security incident.

Semiconductor makers repeatedly attacked by hackers

In fact, Nvidia was not the first semiconductor maker to be hacked, and Samsung will certainly not be the last. In recent years, security incidents in the semiconductor field have occurred from time to time, and most of the attacks are "extortion".

In August 2020, SK Hynix, a major South Korean semiconductor manufacturer, was attacked by a hacker group using the Maze ransomware; 11TB of data was stolen, and about 600MB of it was released. The stolen SK Hynix documents reportedly also included emails about memory chip price negotiations with client companies such as Apple and IBM.

LG Electronics, Canon and the US semiconductor manufacturer MaxLinear have all suffered Maze attacks, but the ransom amounts demanded from these manufacturers, and whether they paid, were not disclosed.

Of course, the Samsung attack described above could cost Samsung its customers' trust. But in the foundry field, TSMC has not always had smooth sailing either. On August 3, 2018, TSMC's 12-inch wafer fab and operating headquarters in Hsinchu Science Park, Taiwan, China, shut down its production line due to a computer virus, and the same thing happened in Tainan and Taichung soon after. It was not until August 6, 2018 that TSMC announced it had fully restored production capacity, saying there would be a 2% revenue impact.

The repeated hacking attacks on semiconductor manufacturers also show that, when choosing targets, hacking groups have begun to shift from resource-intensive to technology-intensive enterprises. Before this, most of the well-known hacking incidents revolved around targets such as Internet giants, hotel chains and government trust agencies, in order to obtain large amounts of user information to use as leverage.

In the past two years, the global semiconductor industry has developed rapidly, and the oligopoly effect is obvious. The most valuable resources of the semiconductor giants are talent and technology, and hackers are targeting the latter. Once leaked, it will have a huge impact on the leading position of the giant companies.