According to the latest news in the industry, the well-known ransomware gang LockBit claimed to have attacked TSMC and extorted a ransom of US$70 million from TSMC for leaking data. The deadline for payment is August 6 this year.
A few days ago, a member of the gang posted screenshots of his real-time attack on TSMC and related information on TSMC on Twitter.
Although the member deleted the tweet shortly afterwards, it is clear from the information center published that the gang has extensive access to TSMC's internal systems, applications, and also contains a large number of email addresses and internal system credentials and other data.
At present, the LockBit gang has opened an entry for TSMC on its official website, demanding a payment of 70 million US dollars, otherwise the stolen data, network entry points, and company passwords and login information will be disclosed.
Although TSMC confirmed the above information, it said that it was not attacked by the network, but that the information of an IT hardware supplier (Kinmax Technology) of TSMC was leaked, and the data of this supplier was also used on it.
TSMC stated that this is the network security incident that caused the Kinmax Technology server initial settings and configuration related information to be leaked. TSMC has an impact but does not involve business.
Kinmax is a service provider specializing in IT solutions such as networking, cloud computing, storage and database management for TSMC. The company, TSMC, relevant authorities and cybersecurity experts are currently working together to resolve the incident.
The company said in a statement that on the morning of June 29, the company discovered that our internal specific test environment had been attacked and some information had been leaked.
It is reported that the leaked content is mainly in the engineering experiment area, which is the "test environment" provided to customers for system installation preparation as the default configuration. In the statement, Kinmax apologized to customers and said that TSMC was not the only partner affected by the incident. .
"This is just the basic setup at the time of shipment. It has not caused any damage to customers, and customers have not been hacked by it." Kinmax said it did not steal any important information from TSMC.
TSMC said in its latest statement that each hardware component undergoes an extensive series of checks and adjustments, including security configurations, before being installed into TSMC's systems. After review, the incident did not affect TSMC's business operations, nor did it disclose any TSMC customer information.
A TSMC spokesman said the cybersecurity breach was primarily related to initial server setup and configuration. The company responded immediately to the incident by terminating data exchange with the vendor involved and adhering to its robust security protocols and standard operating procedures.
Finally, both TSMC and Kinmax Technology stated that they would thoroughly investigate the matter to strengthen security measures and avoid similar incidents from happening in the future.
It is reported that LockBit is a notorious cyber virus extortion organization originating from Russia. The extortion gang has been active in this field since 2019 and began to dominate the market last year, becoming the most prolific ransomware gang on the market.
LockBit's leader, LockBitSupp, lives in Russia and has ties to other well-known ransomware gangs, such as Conti/Black Basta and DarkSide/BlackMatter.
The incident comes shortly after the U.S. Department of Justice announced the arrest and indictment of a Russian national allegedly involved in multiple LockBit ransomware attacks targeting the U.S. and around the world, the same day Indian pharmaceutical giant Granules India was hit by LockBit.
LockBit has been in the news frequently since last year, and more than 1,800 entities have become victims of its attacks. The gang mainly uses the ransomware-as-a-service model (RaaS), paying part of the ransom profits to affiliated companies that carry out the attacks , and keep most of the profits.