Taiwan Archives - ICSSTRIVE

Confusion About $70M Ransom Demand: Kinmax or TSMC ?

June 29, 2023

“In the morning of June 29, 2023, the Company discovered that our internal specific testing environment was attacked, and some information was leaked,” reads the Kinmax statement.
“The leaked content mainly consisted of system installation preparation that the Company provided to our customers as default configurations.”

The Lockbit ransomware group claimed to have hacked chipmaker giant TSMC. TSMC stated its supplier Kinmax was attacked. Kinmax is not the corporate giant that TSMC is, so LockBit’s demands for a $70 million ransom payment will likely be ignored.

While there appears to be a mixup as to who was compromised in this attack, the $70 million ransom demand is one of the largest seen to date.

Lockbit Demands $70M of TSMC Chipmaking Giant

June 28, 2023

Chipmaking giant TSMC denied being hacked after the LockBit ransomware gang demanded $70 million not to release stolen data.

On Wednesday, a threat actor known as Bassterlord, who is affiliated with LockBit, began to live tweet what appeared to be a ransomware attack on TSMC, sharing screenshots with information related to the company. While this Twitter thread has since been deleted, the LockBit ransomware gang created a new entry for TSMC yesterday on their data leak site, demanding $70 million or they would leak stolen data, including credentials for their systems.

A TSMC spokesperson told BleepingComputer that they were not breached, but rather the systems of one of their IT hardware suppliers, Kinmax Technology, were hacked. “Upon review, this incident has not affected TSMC’s business operations, nor did it compromise any TSMC’s customer information.”

Apart from validating that its systems had not been impacted in any way, TSMC states that it also stopped working with the breached supplier until the situation cleared up.

Hackers Stole Source Code from Taiwanese PC Parts Maker MSI

April 5, 2023

Taiwanese PC parts maker MSI (Micro-Star International) was listed on the extortion portal of a new ransomware gang known as “Money Message”. The threat actors claimed to have stolen 1.5TB of data from MSI’s systems. The stolen data includes source code and databases. The group demanded a ransom payment of $4,000,000.

Data Breach at Acer

February 15, 2023

Computer behemoth, Acer, suffered a data breach in mid-February after attackers were able to get into a server hosting private documents used by repair technicians.
That being said, the Taiwan-based computer firm said so far there are no indications the hack had an impact on stealing customer data.
The company’s confirmation of the breach comes after the attacker began selling on a popular hacking forum what they claim is 160GB of data stolen from Acer in mid-February, according to a report with BleepingComputer. The attacker said the stolen data contains technical manuals, software tools, backend infrastructure details, product model documentation for phones, tablets, and laptops, BIOS images, ROM files, ISO files, and replacement digital product keys (RDPK).

Taiwanese Chipmaker ADATA Attacked by Ragnar Locker Gang

May 15, 2021

The Ragnar Locker ransomware gang published download links for more than 700GB of archived data stolen from chip maker ADATA. A set of 13 archives, allegedly containing sensitive files, have been publicly available at a cloud-based storage service. A total of 1.5TB of data was compromised.

In October 2022 the Ransomhouse gang claimed to have hacked ADATA and published data on leak site. Bleepingcomputer compared the timestamps on the data shared by RansomHouse with the data leaked by Ragnar Locker in June 2021. They found that both sets of stolen data have similar timestamps, with no file being newer than May 2021. ADATA told Bleepingcomputer they were not hacked, and that this is the same data stolen by Ragnar Locker in 2021.

Hackers Demand $16.7M from Laptop Manufacturer Compal Electronics

November 9, 2020

Compal Electronics, a Taiwanese original design manufacturer (ODM),suffered a ransomware attack with attackers demanding almost $17M. While the company spokesperson emphasized that Compal is not being blackmailed by the hackers, BleepingComputer confirmed the ransomware attack after they obtained a ransom note used in the attack.

REvil Extorts Apple in Supply Chain Attack

April 20, 2021

REvil ransomware gang ransomware group attacked Quanta, a Taiwan-based original design manufacturer (ODM). The attackers attempted to pressure Quanta into paying a ransom. When that didn’t work, they turned their attention to Apple by publicly releasing proprietary blueprints for new Apple devices that they had stolen from the tech giant’s business partner. According to the Tor payment page shared with BleepingComputer, Quanta has to pay $50 million until April 27th, or $100 million after the countdown ends.

Apple contracts Quanta to manufacture Apple Watch, Apple Macbook Air, and Apple Macbook Pro.

REvil Demands $50Million Ransomware from Acer Electronics

March 23, 2021

The Sodinokibi/REvil ransomware gang has reportedly infected Taiwanese multinational electronics corporation Acer and demanded a ransom of $50 million. Those responsible for the Sodinokibi ransomware strain announced on their data leaks website that they had breached the computer giant.

This was the largest ransom ask made to date—many more times higher than what the Conti gang wanted from IoT manufacturer Advantech in November 2020.

RansomEXX Claims Attack on Taiwanese Computer Manufacturer

August 2, 2022

Taiwanese motherboard maker Gigabyte has been hit by the RansomEXX ransomware gang. The ransomware gang threaten to publish 112GB of stolen data unless a ransom is paid. The attack forced the company to shut down systems in Taiwan. The incident also affected multiple websites of the company, including its support site and portions of the Taiwanese website.

Hackers Attack Taiwan’s Major Oil Refiner Affecting Customers at the Pump.

May 4, 2021

Ransomware has struck the computer systems of Taiwan’s state-owned energy company, CPC Corp., according to local media and private forensic reports reviewed by CyberScoop.
Although the attack didn’t affect the company’s energy production, it did disrupt some customers’ efforts to use CPC Corp.’s payment cards to purchase gas.

« Older Entries