Lapsus$ says it won’t disclose sensitive data if the company removes the LHR on its own

Assuming responsibility for the attacks on NVIDIA servers carried out last week, the Lapsus$ group is threatening to release materials that could destroy the company-developed LHR limiter. The technology is added to certain lines of the manufacturer’s GPUs as a way of making them less attractive to cryptocurrency miners such as Ethereum it’s the Bitcoin.

So far, the company has not disclosed the scope of the attack or its consequences, but cybercriminals claimed to have obtained 1TB of sensitive data. While the GPU maker apparently “gave payback” and was able to encrypt the stolen data directly on the servers used by the group, those in charge claim that they had already backed up the information before that happens.

Telegram messages reveal that Lapsus$ has already started data sales that allow breaking LHR V2 protections gifts on chips ranging from GA102 to the GA 104. They also claim that cybercriminals are waiting for NVIDIA to contact them and remove protections yourself. “If she doesn’t contact us, we will take action.”, says one of the messages.

Cybercriminals threaten to disclose sensitive data

According to Lapsus$, its goal is to force NVIDIA to remove limiters from all GPUs belonging to the RTX 30 line. The group claims that the technology harms both miners and players and that, if the company follows its recommendations, nothing will be done about another one “big HW folder” of data obtained during attacks.

The fact that the group tries to put pressure on the manufacturer while claiming to have its own way of removing the limiters makes it easy to view threats with some skepticism. Attackers claim to have sensitive data with product schematics, documentation and internal tools in their handsas well as development kits and “all about the Falcon”, microcontroller that controls the video decoding and security of the company’s GPUs.



Until now, NVIDIA has only commented on the matter to state that it is investigating an incident, without confirming whether there was data theft or compromise of sensitive information from its customers and partners. The company’s delay in providing more data serves as indication that Lapsus$ may have done considerable damage and that she is waiting for the best possible way to handle the case so that it does not jeopardize her activities.

