Us, hacked by LockBit? No, says TSMC, that would be our IT supplier

So, uh, who's gonna pay that $70M ransom?


Following claims by ransomware gang LockBit that it has stolen data belonging to TSMC, the chip-making giant has said it was in fact one of its equipment suppliers, Kinmax, that was compromised by the crew, and not TSMC itself.

On Thursday, the gang claimed on its website that it had managed to break into TSMC's systems, and unless a ransom of $70 million was paid, the exfiltrated info – including network login credentials for the manufacturer's IT network – would be leaked online.

One of the criminal gang's affiliates, calling itself the National Hazard Agency, shared screenshots of directory listings of what was said to be the stolen files. The crooks said TSMC has an August 6 deadline to cough up.

When contacted by The Register about the break-in, TSMC said it was a third-party supplier, not the chip manufacturer itself, that was breached by the ransomware gang. The Taiwanese giant, which makes chips for Nvidia, AMD, Apple, and others, downplayed the impact of the theft. The intrusion does not sound entirely uneventful for TSMC, but on current evidence the miscreants did not make off with, say, blueprints for factories and processors.

"TSMC has recently been aware that one of our IT hardware suppliers experienced a cybersecurity incident, which led to the leak of information pertinent to server initial setup and configuration," a company spokesperson said, adding that the intrusion is under investigation by law enforcement. 

The security breach "has not affected TSMC's business operations, nor did it compromise any TSMC's customer information," the spokesperson added. "After the incident, TSMC has immediately terminated its data exchange with this supplier in accordance with the company's security protocols and standard operating procedures."

The silicon baker also pledged to help its suppliers improve their security awareness, and said it remained committed to "making sure they comply with security standards."

While TSMC did not name Kinmax in its statement, the spokesperson directed further questions about the breach to Eric Huang, vice president of Kinmax Technology, and also shared a letter it received from the smaller biz about the break-in.

According to the supplier's statement, it first became aware of the intrusion on the morning of June 29, after discovering that a specific internal testing environment had been breached and "some information" had been leaked.

"The leaked content mainly consisted of system installation preparation that the company provided to our customers as default configurations," the Kinmax letter said.  

"We would like to express our sincere apologies to the affected customers, as the leaked information contained their names which may have caused some inconvenience," it continued. "The company has thoroughly investigated this incident and implemented enhanced security measures to prevent such incidents from occurring in the future."

Huang did not immediately respond to The Register's inquiries, and TSMC did not answer our question about whether it would pay the $70 million demand.

LockBit remains an especially prolific ransomware-as-a-service gang, and the group's affiliates remain a global scourge, costing US victims alone more than $90 million across roughly 1,700 attacks since 2020, we're told. ®
