A short while back, NVIDIA was hacked by a South American hacker group calling themselves Lapsus$. In addition to the source code for DLSS and LHR, the miscreants also leaked confidential hardware header and C++ files containing the configuration, parameters, and other firmware details of existing and future GPUs. Furthermore, the leak also includes two NVIDIA certificates used for signing the drivers and other executables distributed by the chipmaker.
A digital certificate allows developers to digitally sign executables and drivers so that Windows can verify their authenticity, thereby avoiding a tampered file from a malicious source. After Lapsus$ leaked NVIDIA’s certificate, it was quickly picked up by cyberthieves and bullies to sign malware, trojans, and backdoors which were then circulated on the internet.
Going by the samples uploaded to VirusTotal (a malware scanning service), the certificates were used to sign various malware and hacking tools, such as Cobalt Strike beacons, Mimikatz, backdoors, and remote access trojans.
Although both the NVIDIA certificates are expired, Windows still allows the installation of a driver signed with them. Microsoft has issued a statement acknowledging the security issue, and it should be fixed soon.
-
NVIDIA RTX 5080 Mobile Allegedly Based on GB203 GPU, GDDR7 Memory & PCIe Gen 5
-
AMD Radeon RX 7900 XT Drops Below $700 (-$210 Off), RX 6800 at $369 (-$310 Off)
-
AMD Radeon RX 9900 XTX to Feature 18432 Cores/288 CUs: Replaces the Shelved 8900 XTX
-
AMD Radeon RX 8900 XTX Specs: 13000+ Cores for the Cancelled RDNA 4 Flagship