(no title)

> the website (distribution channel) was the only part they are concerned about, which wouldn't be classed as major

By whom? I'd certainly class it as major if their website could distribute malware instead of the real drivers, as that impacts everyone. Stealing nvidia's proprietary designs impacts only them.

I visited that page a few days ago to setup a new system which is, at the same time, supposed to be very secure (the proprietary drivers being one of the weak points indeed, but can't quite get around that if the GPU is to be fully functional). If this was compromised then I can start over and have a bunch of passwords and private keys to rotate.

> What I'd class as major would be some third party gaining access to NVIDIA's RTL designs and source code for their drivers

Ransomware operators are not that clever, they go for low hanging fruit. I mean, yeah, by all means, do recon on a system you just pwned and try to do a supply chain attack, but it's outside the range of these operators. They only have a hammer, and everything just looks like a nail.

Even if they get the RTL I'm not sure how useful those would be. While Russia does have semiconductor fabs, apparently their smallest node is around 65nm, completely useless for the large designs current NVidia GPUs use. At best they could have them made at a fab in mainland China, but even there the smallest node is only 14nm.