Nvidia said a cyberattack exposed employee credentials and proprietary data after the extortion group Lapsus$ claimed it had breached the company’s corporate network and stolen more than 1TB of information. Reports said the stolen material included schematics, firmware and driver source code, and a leak of usernames and cryptographic password hashes for 71,335 employees. The group also issued an unusual extortion demand, threatening further leaks unless Nvidia removed its Lite Hash Rate (LHR) restrictions from GeForce RTX 30-series graphics cards.
The fallout expanded beyond the initial intrusion as attackers began using stolen Nvidia code-signing certificates to sign malware and malicious Windows drivers, including tools such as Cobalt Strike, Mimikatz, backdoors, RATs, and a Quasar sample. Researchers warned that even expired certificates could still allow signed drivers to load in Windows, complicating defenses and raising the risk of broader downstream abuse. The incident unfolded amid wider concern over high-profile intrusions linked to Lapsus$, including a separate breach that prompted Ubisoft to order a company-wide password reset.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
6 events from the most recent confirmed update back to the earliest known activity.
Ubisoft disclosed a cyber incident that disrupted some games, systems, and services and prompted a company-wide password reset. Reporting linked the event to the same period in which Lapsus$ was targeting major technology companies including Nvidia and Samsung.
Researchers found threat actors using Nvidia code-signing certificates exposed in the breach to sign malware and malicious drivers, including Cobalt Strike beacons, Mimikatz, RATs, and a Windows driver. The abuse created ongoing risk because Windows could still load drivers signed with the expired certificates.
After Nvidia refused to negotiate, Lapsus$ leaked files including usernames and cryptographic hashes for 71,335 employees. The group also demanded that Nvidia remove Lite Hash Rate restrictions from GeForce RTX 30-series GPUs or face further leaks.
Nvidia confirmed that employee credentials and some proprietary information were taken during the cyberattack. This marked the company's public acknowledgment of data theft beyond the initial disclosure of the incident.
The extortion group Lapsus$ claimed responsibility for the Nvidia intrusion and said it stole more than 1TB of data from the company's corporate network. Reported stolen material included schematics, driver source code, firmware source code, and employee credential data.
Nvidia said it was investigating a cyberattack on its IT resources after threat actors breached parts of its business systems. The company later indicated the incident affected employee credentials and proprietary information.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
8 references tracked. Mallory keeps watching after this page renders.
siliconrepublic.com
Open sourcebleepingcomputer.com
Open sourcearstechnica.com
Open sourcepcmag.com
Open sourcezdnet.com
Open sourcebleepingcomputer.com
Open sourcebleepingcomputer.com
Open sourcethenationalnews.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.