Hackers Claim $70 Million Ransomware Attack on TSMC, Hits Supplier Instead

(Image credit: TSMC)

The LockBit ransomware group claims it has hacked TSMC, with TSMC stating that one of its suppliers has been breached. The cybercriminals are demanding a ransom of $70 million by August 6 and threaten to leak considerable amount of sensitive data. TSMC told SecurityWeek that its network had not been breached, but one of its IT hardware suppliers had indeed been hacked.

"TSMC has recently been [made] aware that one of our IT hardware suppliers experienced a cybersecurity incident, which led to the leak of information pertinent to server initial setup and configuration," a statement by TSMC sent to Tom's Hardware reads. "At TSMC, every hardware component undergoes a series of extensive checks and adjustments, including security configurations, before being installed into TSMC’s system. Upon review, this incident has not affected TSMC’s business operations, nor did it compromise any [of] TSMC’s customer information."

In response to the security breach and in accordance with its security guidelines, TSMC immediately ceased data sharing with the affected supplier. TSMC indicated that this is a routine procedure given the breach. At present, a law enforcement agency is investigating this cybersecurity occurrence.

"After the incident, TSMC has immediately terminated its data exchange with this supplier in accordance with the Company's security protocols and standard operating procedures," the foundry stated. "TSMC remains committed to enhancing the security awareness among its suppliers and making sure they comply with security standards. This cybersecurity incident is currently under investigation [and] involves a law enforcement agency."


(Image credit: @vxunderground/Twitter)

The notorious ransomware group published its initial threat on June 29 and gave TSMC seven days to respond; otherwise, a vast amount of sensitive information would be published. It then extended the 'deadline' to August 6. The group published a screenshot containing an @tsmc.com email.

TSMC claims that it did not fall victim to the cyberattack. The supplier affected by the attack is Kinmax Technology, a Taiwan-based systems integrator specializing on networking, storage, database management and, ironically, security. Kinmax Technology works with various multinational companies, including Cisco, HPE, Microsoft, Citrix, VMware, and Nvidia.

Kinmax itself claims that while the breach did take place, only its ' internal specific testing environment' was attacked, resulting in an information leak. The majority of the data that was exposed was related to the default setup instructions that the company delivers to its clients, according to the system integrator. Kinmax expressed its deepest regrets to the clients impacted because "the leaked data contained customer names, causing potential inconvenience." The company claims that it has put stronger security protocols in place to ensure such situations do not arise in the future.

Anton Shilov
Freelance News Writer

Anton Shilov is a Freelance News Writer at Tom’s Hardware US. Over the past couple of decades, he has covered everything from CPUs and GPUs to supercomputers and from modern process technologies and latest fab tools to high-tech industry trends.

  • Metal Messiah.
    So this 'Ransomware-as-a-Service model (RaaS)' Russian gang is back again ? In UK, they recently demanded $80 million in bitcoin by holding up 'Royal Mail' for ransom. It also stole customer data from UK high street retailer WH Smith.

    Some stats. HIVE still tops the list I suppose, but there’s little doubt that LockBit’s leader, nicknamed LockBitSupp, still resides in Russia.

  • Geef
    There needs to be a fallback for data getting taken. Like security code for everything that if not updated the data immediately changes to something goofey. Information on number of honeybuckets cleaned last month on TSMC property and weight of amount cleaned. Number of PineTrees applied to attempt to cover scent.

    Someone pays these guys 70m and gets a data sheet showing that and wow!