Hackers Claim $70 Million Ransomware Attack on TSMC, Hits Supplier Instead

Anton Shilov
·2 min read
TSMC
TSMC

The LockBit ransomware group claims it has hacked TSMC, with TSMC stating that one of its suppliers has been breached. The cybercriminals are demanding a ransom of $70 million by August 6 and threaten to leak considerable amount of sensitive data. TSMC told SecurityWeek that its network had not been breached, but one of its IT hardware suppliers had indeed been hacked.

"TSMC has recently been [made] aware that one of our IT hardware suppliers experienced a cybersecurity incident, which led to the leak of information pertinent to server initial setup and configuration," a statement by TSMC sent to Tom's Hardware reads. "At TSMC, every hardware component undergoes a series of extensive checks and adjustments, including security configurations, before being installed into TSMC’s system. Upon review, this incident has not affected TSMC’s business operations, nor did it compromise any [of] TSMC’s customer information."

In response to the security breach and in accordance with its security guidelines, TSMC immediately ceased data sharing with the affected supplier. TSMC indicated that this is a routine procedure given the breach. At present, a law enforcement agency is investigating this cybersecurity occurrence.

"After the incident, TSMC has immediately terminated its data exchange with this supplier in accordance with the Company's security protocols and standard operating procedures," the foundry stated. "TSMC remains committed to enhancing the security awareness among its suppliers and making sure they comply with security standards. This cybersecurity incident is currently under investigation [and] involves a law enforcement agency."

ransomware
ransomware

The notorious ransomware group published its initial threat on June 29 and gave TSMC seven days to respond; otherwise, a vast amount of sensitive information would be published. It then extended the 'deadline' to August 6. The group published a screenshot containing an @tsmc.com email.

TSMC claims that it did not fall victim to the cyberattack. The supplier affected by the attack is Kinmax Technology, a Taiwan-based systems integrator specializing on networking, storage, database management and, ironically, security. Kinmax Technology works with various multinational companies, including Cisco, HPE, Microsoft, Citrix, VMware, and Nvidia.

Kinmax itself claims that while the breach did take place, only its ' internal specific testing environment' was attacked, resulting in an information leak. The majority of the data that was exposed was related to the default setup instructions that the company delivers to its clients, according to the system integrator. Kinmax expressed its deepest regrets to the clients impacted because "the leaked data contained customer names, causing potential inconvenience." The company claims that it has put stronger security protocols in place to ensure such situations do not arise in the future.