Forged Signatures: Not Just For Troubled Youths Anymore. #Nvidia

Kyle McCray
March 9, 2022

Share This Post

As apart of the February 23rd ransomware attack on Nvidia by the Lapsus$ group, two Nvidia code-signing certificates were stolen and being used to sign Malware. The stolen code-signing certificates are expired, however they’re still recognized by Windows. This would allow drivers signed with the stolen codes to be loaded in the operating system. Below are the serial numbers used by the stolen certificates:

43BB437D609866286DD839E1D00309F5
14781bc862e8dc503a559346f5dcc518

Windows Defender Application Control Policies can be used to help mitigate this threat. For more information please see the following link: https://threatpost.com/nvidias-stolen-code-signing-certs-sign-malware/178784/

Reach out to our incident response team for help

Lapsus$, Nvidia, Windows

More To Explore

Bleeding Edge or Just Bleeding? CitrixBleed is Back

Citrix is back with vulnerability news no one wanted. CitrixBleed2 is affecting Citrix NetScaler ADC and Gateway devices between versions 14.1 and 47.46. Exploitation of

Brad Nigh July 7, 2025

Information Security News – 7/7/2025

The Top Red Teamer in the US Is an AI Bot Article Link: https://www.csoonline.com/article/4012801/the-top-red-teamer-in-the-us-is-an-ai-bot.html FDA Expands Premarket Medical Device Cyber Guidance Article Link: https://www.govinfosecurity.com/fda-expands-premarket-medical-device-cyber-guidance-a-28850 Malicious

Marcus Cylar July 7, 2025

Forged Signatures: Not Just For Troubled Youths Anymore. #Nvidia

Share This Post

More To Explore

Bleeding Edge or Just Bleeding? CitrixBleed is Back

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.

Follow Us:

Privacy Policy

© 2025 FRSecure LLC