Nvidia Hit with Cyberattack, Proprietary Data Stolen
Read also: Toyota suspends production due to a cyberattack, Enercom suffers satellite outage, and more.
Thursday, March 3, 2022
Nvidia hit with cyberattack, confirms hackers stole company’s data
US chipmaker giant Nvidia has suffered a cyberattack, which saw 1TB of company’s proprietary data stolen. In a statement regarding the incident Nvidia said that none of its systems were infected with malware.
The company, however, admitted that LOPSUS$, a South America-linked group that took responsibility for the hack, stole proprietary data, including employee data, driver and software bypass, and documents regarding future products.
The chipmaker did not specify what proprietary information the hackers got access to, but some news media reported that LOPSUS$ began to leak data allegedly stolen from Nvidia. More specifically, the group published nearly 20GB archive containing what they claim to be source code and “confidential/secret data from various parts of Nvidia GPU driver. Falcon, LHR, and such.” They also offered for sale a software tool to unlock the Ethereum mining limitation on Nvidia’s RTX 3000 graphics cards for $1 million.
Toyota shuts down operations at Japan plants due to a cyberattack
Japanese automotive manufacturer Toyota Motor halted operations at all plants in Japan after one of its suppliers, Kojima Industries, was hit by a cyberattack. Following the incident, the carmaker temporarily shut down 28 lines at 14 plants. The company subsidiaries Hino Motors and Daihatsu Motor also temporarily halted production.
According to Kojima Industries, which supplies Toyota with plastic parts, the company was hit by a ransomware attack. The investigation into the incident is still ongoing.
Satellite outage impacts thousands of Enercom turbines
Enercon, a German wind turbine maker, suffered a massive disruption of satellite link in Europe that affected the operations of around 6,000 turbines across central Europe with a total power of 11 GW.
According to the manufacturer, the incident did not cause disruptions in the operations of affected wind energy converters, as they were switched into an automatic mode.
At present, there’s no information on what caused the outage. However, the company noted in its press release that the incident took place “at almost exact time” as the Russian Federation launched a full-scale war in Ukraine.
Phishing campaign targets European officials involved in refugee operations
Researchers at Proofpoint have warned of a phishing campaign bearing signs of state-backed hacking operation aimed at European government personnel providing help in the evacuation of refugees fleeing Ukraine, as the country is fighting with the Russian military forces on almost all fronts.
While the researchers were not able to attribute the observed campaign to any particular threat actor, they found similarities with operations conducted by UNC1151 (aka GhostWriter, TA445) believed to be working on behalf of the Belarusian government that sided with Russia.
The phishing campaign involves an email address that appears to belong to a hacked Ukrainian armed service member. The observed email contained several malicious attachments, one of which contained information ostensibly related to the Emergency Meeting of the NATO Security Council held on February 23, 2022. The other malicious attachment targeted European government personnel involved in managing transportation and population movement in Europe and, when opened, attempted to download the SunSeed malware written in Lua.
Conti ransomware source code leaks online
Source code of the Conti ransomware was leaked online as part of a larger data leak containing internal information of the Conti ransomware operation. The data was released online by a security researcher known as ContiLeaks after the Conti gang pledged support to the Russian government.
On Sunday, ContiLeaks shared a trove of internal chats belonging to Conti members, containing various information about the gang’s operations. On March 1, the second portion of data was released, which included the source code for the group's administrative panel, the BazarBackdoor API, and screenshots of storage servers, among other files.
What’s next:
- Follow ImmuniWeb on Twitter and LinkedIn
- Subscribe to newsletter to get the next post automatically
- Explore 18 use cases how ImmuniWeb can help
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law. 
