Going on offense: Ukraine forms an ‘IT army,’ Nvidia hacks back

Join today’s leading executives online at the Data Summit on March 9th. Register here.

It’s not directly related to the emerging cyber resistance against Russia in Ukraine — but the reports that Nvidia has turned the tables on its attacker in a ransomware incident this week does seem to resonate.

Both the Nvidia case, and Ukraine’s effort to launch a cyber offensive against Russia, share a common theme of standing one’s ground and pushing back against aggressors — whether those be power-hungry nation states or cyber criminals.

In Ukraine today, Mykhailo Fedorov, the country’s vice prime minister, announced on Twitter, “We are creating an IT army.”

“We need digital talents,” wrote Fedorov, who also holds the title of minister of digital transformation — sharing a link to a Telegram channel where he said operational tasks will be distributed. “We continue to fight on the cyber front.”

On the Telegram channel, the IT army reportedly posted its list of Russian targets — which were also translated into English “for all IT specialists from other countries.”

Anonymous is the most visible group to pledge a cyber offensive against Russia on behalf of Ukraine, but some of the most sophisticated hacker groups are known to avoid attention as much as possible — including some that are believed to be aligned with the U.S. and western countries.

On Friday, Christian Sorensen, a former U.S. Cyber Command official, told VentureBeat that “hacktivists around the world [will be] working against Russia, because they are the aggressor.”

“I think things will ramp up against western targets, but Russia and Belarus will be targeted by these groups even more” said Sorensen, formerly the operational planning team lead for the U.S. Cyber Command.

Hacking back

Meanwhile, a ransomware gang that claimed to have attacked Nvidia also reportedly posting a message that the chipmaker had hacked back.

The group, Lapsus$, said on its Telegram channel that 1 TB of data was removed by Nvidia, according to screenshots shared by Brett Callow, a threat analyst at Emsisoft. The ransomware group, believed to operate in South America, also said that Nvidia had encrypted the group’s data (though the group says it had a backup), according to the screenshots.

Nvidia did not immediately respond to a request for comment on Saturday.

On Friday, a spokesperson said that Nvidia was “investigating an incident” and was “still working to evaluate the nature and scope of the event.”

“Our business and commercial activities continue uninterrupted,” the Nvidia spokesperson said in the statement.

The statement came in response to a Friday report in The Telegraph that Nvidia, one of the largest producers of graphics chips, has been investigating “a potential cyber attack that has taken parts of its business offline for two days.”

Quoting an unnamed “insider” at Nvidia, The Telegraph reported that the potential cyberattack had “completely compromised” internal systems at the company — “although some email services were working on Friday,” the report said.

Preventing leaks

Hacking back is “unusual, but certainly not unheard of,” Callow said in a message to VentureBeat. Often the goal is to prevent leaks of stolen data, he said.

“I wouldn’t assume any connection to the conflict” in Ukraine, Callow added.

Still, you can’t help but notice a common theme in terms of pushing back against cyberattacks.

Russian cyber offensives have already been playing a role in the country’s build-up to its assault on Ukraine this week. Authorities in the U.S. and U.K. blamed Russia for last week’s massive distributed denial-of-service (DDoS) attacks in Ukraine. Fresh DDoS attacks, as well as destructive cyberattacks that involved wiper malware, struck Ukraine on Wednesday just ahead of the invasion.

But on Friday, a Bloomberg report said that a hacker group that was now forming to bring counterattacks against Russia had amassed 500 members. And today, we have the announcement of Ukraine’s IT army — potentially including assistance from hackers around the globe.

“Whether sanctioned or not, official or not, if people have or can get the right information, know-how, and desire — they can make an impact,” Sorensen said on Friday, prior to the announcement of Ukraine’s IT army. “We’ll have to wait and see what they are able to do.”

Originally appeared on: TheSpuzz