TSMC denies ransomware hack as gang demands multi-million dollar ransom

Ransomware attack on a computer
(Image credit: Kaspersky)

Semiconductor manufacturer TSMC says it hasn’t suffered a ransomware attack, and that the data posted on LockBit’s leak site belongs to a third-party IT hardware supplier.

Last week, a hacker going by the name Bassterlord, who is thought to be affiliated with LockBit, took to Twitter to post a series of screenshots allegedly depicting data belonging to TSMC which had apparently been stolen in a ransomware attack. 

From the screenshots, one could conclude that the attackers had access to TSMC’s systems, had access to important email addresses, applications, as well as some passwords and other system credentials.

IT hardware supplier affected

While the thread was quickly deleted from the platform, LockBit soon added that data to its leak site, saying it expects a $70 million payment from TSMC in exchange for deleting the data. 

"In the case of payment refusal, also will be published points of entry into the network and passwords and logins company," LockBit allegedly wrote on its data leak site. 

When BleepingComputer reached out to TSMC, it was told that the company was not breached. Instead, the incident happened at Kinmax Technology, TSMC’s IT hardware supplier. 

"TSMC has recently been aware that one of our IT hardware suppliers experienced a cybersecurity incident which led to the leak of information pertinent to server initial setup and configuration," the spokesperson told the publication.

"At TSMC, every hardware component undergoes a series of extensive checks and adjustments, including security configurations, before being installed into TSMC's system."

"Upon review, this incident has not affected TSMC's business operations, nor did it compromise any TSMC's customer information."

TSMC said it cut ties with the affected supplier until the issue is resolved. 

"After the incident, TSMC has immediately terminated its data exchange with this concerned supplier in accordance with the Company's security protocols and standard operating procedures. TSMC remains committed to enhancing the security awareness among its suppliers and making sure they comply with security standards," the spokesperson concluded.

In a separate press release from Kinmax, it was said that the company learned of the data breach in late June this year. Subsequent investigation uncovered that the crooks managed to steal some data from its systems, mostly related to system installation and configuration guides. 

"In the morning of June 29, 2023, the Company discovered that our internal specific testing environment was attacked, and some information was leaked," Kinmax said in its statement.

"The leaked content mainly consisted of system installation preparation that the Company provided to our customers as default configurations."

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.