70 million or 10 terabytes of information: how will the TSMC hack turn out for the world of chips?
LockBit releases screenshots of data allegedly owned by TSMC.
On Friday, LockBit reported that a group of hackers had compromised the network of Taiwan Semiconductor Manufacturing Company (TSMC), the world’s largest chipmaker. The attackers promise to publish the company’s confidential data if the company does not pay $70 million to decrypt the files. LockBit also claims to have access to 10 terabytes of TSMC information.
LockBit is one of the most active ransomware families. Its developers use a double tactic: they encrypt files and threaten to disclose stolen information. Victims include companies such as Accenture, Press Trust of India and Bangkok Airways. Interested parties pay a deposit before custom attacks and profit through an affiliate scheme. The ransom payments are shared between LockBit developers and attacking partners. The latter receive up to ¾ of the ransom amount.
On Wednesday, one of LockBit’s partners under the pseudonym Bassterlord tweeted screenshots with information that was clearly not intended for prying eyes. The screenshots show email addresses, apps, and credentials from various systems purportedly belonging to TSMC.
The post was later taken down and the LockBit group created a new post on their website demanding $70 million in ransom.
“In case of refusal to pay, network entry points, passwords and logins will also be published,” the entry says.
However, a spokesperson for TSMC said that the company had not experienced any cybersecurity incidents and that all of its manufacturing operations were running normally. He added that TSMC regularly checks its network for vulnerabilities and takes all necessary measures to protect data.
The company later admitted that although it had not been hacked itself, the systems of one of its IT equipment suppliers, Kinmax Technology, had been.
“One of our IT equipment vendors experienced a cyber incident that resulted in a leak of information related to initial setup and server configuration,” the spokesperson explained.
“Following the incident, TSMC immediately stopped communicating with this provider in accordance with security protocols. TSMC continues to make efforts to increase security awareness among its partners.”
The LockBit attack could be part of a larger campaign against chip makers. Last year, REvil stated that it had hacked Quanta Computer, which makes laptops for Apple, and demanded 50 million dollars for the return of the stolen drawings. However, Apple refused to pay the ransom and said it was relying on its own security system. It appears that TSMC is following Apple’s example and is not going to give in to threats.