LockBit Strikes: TSMC Faces $70M Ransomware Threat

Last Thursday, the ransomware group LockBit asserted they had successfully infiltrated the systems of TSMC, demanding a ransom of 70 million dollars, threatening to release the pilfered data otherwise. We understand that the invasion is currently under investigation by law enforcement agencies.

The criminal syndicate has publicized a snapshot alleged to be a directory list of stolen files, insisting that TSMC must pay the ransom before August 6th.

Source: Vx-underground via Twitter

Regarded as the most valuable semiconductor company globally, TSMC boasted a revenue exceeding 57 billion dollars in 2021. This semiconductor titan clarified that the ransomware group’s attack targeted a third-party supplier rather than the chip manufacturer itself: “TSMC recently became aware of a cybersecurity incident involving one of our IT hardware vendors, resulting in the disclosure of information related to initial server settings and configurations. This security breach did not affect TSMC’s business operations nor did it disclose any customer information. Upon the incident, TSMC immediately terminated data exchange with the vendor in accordance with the company’s security protocols and standard operating procedures.”

In their statement, TSMC reassured customers that there was no need for concern about this attack, explaining that each hardware component undergoes an extensive series of inspections and adjustments, including security configurations, before being installed into TSMC’s systems. TSMC also pledged to help its suppliers enhance their security awareness, ensuring they comply with security standards.

It is understood that TSMC’s third-party supplier, Kinmax Technology, offers network, cloud computing, storage, security, and database management services. Much like TSMC, this company is headquartered in Hsinchu, Taiwan.

According to Eric Huang, the Vice President of Kinmax Technology, they first became aware of the intrusion on the morning of June 29th, discovering that a specific internal test environment had been compromised, leading to some information being leaked. The leaked content primarily comprised “various system installation preparation information provided by the company to its customers.” Kinmax Technology apologized to the affected customers as the leaked information included their names, which could cause some inconvenience. The company stated that it had thoroughly investigated this incident and implemented enhanced security measures to prevent similar occurrences in the future.

The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation in the United States characterized LockBit as one of the most active ransomware groups. LockBit claims responsibility for at least 1,653 ransomware attacks, having procured at least 91 million dollars in ransom from American victims since launching their first attack in the U.S. in January 2020.