NVIDIA Code Signing Certificates Leveraged to Sign Malware

Hackers are currently using stolen NVIDIA code signing certificates to sign malware so that it looks trustworthy. This allows them to load compromised drivers on Windows systems.

NVIDIA has recently confirmed that it was the target of a hack that resulted in the theft of employees’ credentials. The statement was later corroborated by Have I Been Pwned, which added 70k credentials compromised in the NVIDIA data breach to its database.

The hacking group Lapsus$ claimed responsibility for the cyberattack. The threat actor said it had stolen 1TB of information during the breach, and it started leaking the data after the company refused to negotiate.

As Bill Demirkapi stated in a tweet, the NVIDIA leak also included two stolen code-signing certificates that NVIDIA developers normally use to sign drivers and executables.

As part of the #NvidiaLeaks, two code signing certificates have been compromised. Although they have expired, Windows still allows them to be used for driver signing purposes. See the talk I gave at BH/DC for more context on leaked certificates: https://t.co/UWu3AzHc66 pic.twitter.com/gCrol0BxHd

— Bill

Read More: https://heimdalsecurity.com/blog/nvidia-code-signing-certificates-leveraged-to-sign-malware/