While there is no credible evidence that Russia has anything to do with a cyberattack on Santa Clara-based Nvidia, the company is being tight-lipped about an attack that “completely compromised” their internal systems.
Silicon Valley chip manufacturers like Nvidia, Intel, and AMD (all based in Santa Clara) are merely minor household names outside the tech industry, but their computer chips power devices from gaming consoles to smart cars to top-secret military devices. Nvidia is the largest of the three, valued at $600 billion, compared to AMD ($200 billion) and Intel ($192 billion), and in recent months it's become one of the 10 most valuable companies in the world — and its market cap is currently higher than Facebook/Meta's.
But no one is celebrating this at Nvidia today, in the wake of a Telegraph report that Nvidia was hit with a “malicious network intrusion” that “completely compromised” the company’s networks.
This article about the Nvidia cyber attack has two lines about the actual hack. Rest of the article is discussing cyberwar and the threat of Russian cyberattacks, which serves no purpose other than to fuel baseless speculation. Do better. pic.twitter.com/d0XhVjckvD— Marcus Hutchins (@MalwareTechBlog) February 25, 2022
The Telegraph’s report does some highly speculative connecting of the dots in its third sentence. “The suspected hack comes amid Russian cyberwarfare against Ukraine and heightened security concerns about attacks on the West in retaliation for hitting the Kremlin with sanctions,” the Telegraph reports. “There is no evidence linking Nvidia’s outages to the conflict."
But as we see above, Nvidia’s Wikipedia page has already been edited to say “Nvidia was reportedly compromised by Russian hackers during the 2022 Russian invasion of Ukraine.” Again, there is currently no proof of Russian involvement.
Still, it does not build trust that Nvidia is being so vague, even if that is the standard tech company playbook. “We are investigating an incident. Our business and commercial activities continue uninterrupted. We are still working to evaluate the nature and scope of the event and don’t have any additional information to share at this time,” Nvidia spokesperson Hector Marinez said in a statement to several media outlets.
Updated: Bloomberg now citing a source that it was ransomware.— Sean Hollister (@StarFire2258) February 25, 2022
(Seems likely Nvidia decided to take back control of the message.) https://t.co/dfxCbr2FBj
Bloomberg has a Friday afternoon update from an internal Nvidia source saying it was a fairly pedestrian ransomware attack. “The hack looks to be relatively minor and not fueled by geopolitical tensions, said the person, who asked not to be identified because the details aren’t public,” according to the Bloomberg update.
Seems to be a pretty big gap between ““completely compromised” and “relatively minor!” But both can be true. As the Verge explains, it is possible for systems to be “compromised,” but not have any data stolen or deleted. The Verge notes that while “the alleged attack reportedly knocked out Nvidia’s email, we did receive Nvidia’s statement today from an Nvidia email address.” So it could be that hackers hit systems Nvidia designed to quickly pivot upon towards back-ups, and did no damage that could last more than a day or two.
We will probably know more about this by early next week. But in this highly charged environment, and with the Trumpian phrase “Russia witch hunt” now a part of our political vernacular, we will likely hear no shortage of fantastical theories all weekend long.
Related: UC and Stanford Campus Systems Both Breached In Major Cyber Attack [SFist]
Image: Coolcaesar via Wikimedia Commons