Taiwanese chip giant TSMC was present on June 29, 2023 on the leaked dark website of notorious ransomware group LockBit, possibly due to a supply chain attack.
The resulting ransom of $70 million is the fourth largest ransomware in history.
The day before this information was posted on the leak site, a threat actor known as Busterlord, who works with LockBit affiliate National Hazard Agency, launched a live tweet in what appeared to be a ransomware attack against TSMC, displaying a screen containing information related to the company. shared a shot.
TSMC issued statements with various media outlets, admitting that one of its contractors had been compromised, but said the incident did not affect TSMC’s business operations and that customer information was not compromised. Stated.
Meanwhile, Kinmax Technology, which is likely to be the contractor in question, but which TSMC did not directly name, said on June 29 that a specific test environment within the company was attacked and some information was leaked. said he noticed.
Kinmax said in a statement: “The leaked content mainly consisted of the installation preparation of the system that we provided to our customers as a default configuration. We sincerely apologize and have thoroughly investigated this incident and have taken additional security measures to prevent such incidents from occurring in the future.”
It is understood that TSMC has immediately terminated data exchanges with this supplier in accordance with the company’s security protocols and standard operating procedures.
LockBit’s Toolkit
According to a joint advisory released by nine cybersecurity agencies on June 14, 2023, LockBit is one of the most active ransomware groups, with nearly 1,700 cyberattacks hitting 9,000 victims in the United States alone since 2020. more than a million dollars in damage.
We work with affiliates that use Ransomware as a Service (RaaS) toolkits. Called LockBit 3.0 and released in July 2022, the latest version of this toolkit encrypts the victim’s files and uses a double extortion scheme to steal a copy of the data before demanding a ransom payment. known to be
The cyberattack against Kinmax was one of the first after LockBit’s longest period of inactivity, and some security researchers suspect the gang is working to evolve the current LockBit 3.0 toolkit. I don’t think so.
TSMC produces 65% of the world’s semiconductors and 90% of cutting-edge nodes. Estimated annual revenue for 2023 is expected to exceed $74 billion.
Kinmax is a much smaller company. According to their LinkedIn page, they have between 201 and 500 employees.
However, Kinmax claims on its website that its partners include companies such as Nvidia, HPE, Cisco, Microsoft, Citrix, and VMware, in addition to TSMC. At the time of this writing, none of these companies have issued any statements regarding the incident.
