TSMC Denies LockBit Hack as Ransomware Gang Demands $70 Million

Cyber Security Threat Summary:
“Chipmaking giant TSMC (Taiwan Semiconductor Manufacturing Company) denied being hacked after the LockBit ransomware gang demanded $70 million not to release stolen data. TSMC is one of the world's largest semiconductor manufacturers, with its products used in a wide variety of devices, including smartphones, high performance computing, IoT devices, automotive, and digital consumer electronics” (Bleeping Computer, 2023).

A LockBit affiliate who goes by Bassterlord last week shared screenshots showing alleged ransomware activities against TSMC. These screenshots indicated that the threat actor had significant access to systems allegedly belonging to TSMC, displaying email addresses, access to applications, and credentials for various internal systems. While this Twitter thread has since been deleted, the LockBit ransomware gang created a new entry for TSMC yesterday on their data leak site, demanding $70 million or they would leak stolen data, including credentials for their systems. "In the case of payment refusal, also will be published points of entry into the network and passwords and logins company," reads the LockBit data leak entry for TSMC.

A TSMC spokesperson told Bleeping Computer that TSMC itself was not breached; rather, the affected systems belonged to one of its IT hardware suppliers, Kinmax Technology. "TSMC has recently been aware that one of our IT hardware suppliers experienced a cybersecurity incident which led to the leak of information pertinent to server initial setup and configuration," stated the spokesperson. "At TSMC, every hardware component undergoes a series of extensive checks and adjustments, including security configurations, before being installed into TSMC's system. Upon review, this incident has not affected TSMC's business operations, nor did it compromise any TSMC's customer information."

Security Officer Comments:
TSMC says it has validated its systems and confirmed they were not directly impacted. It has also stopped working with the breached supplier until the situation is cleared up. According to the spokesperson, an investigation is underway at Kinmax Technology, and law enforcement is involved.

"After the incident, TSMC has immediately terminated its data exchange with this concerned supplier in accordance with the Company's security protocols and standard operating procedures. TSMC remains committed to enhancing the security awareness among its suppliers and making sure they comply with security standards," continued TSMC.

Kinmax, the impacted supplier, has published a statement today explaining that it became aware of a compromise of a specific testing environment in its network on June 29, 2023. The company discovered that the intruders managed to exfiltrate some data from the accessed system, mainly concerning system installation and configuration guidance for customers. "The leaked content mainly consisted of system installation preparation that the Company provided to our customers as default configurations."

Kinmax is not the corporate giant that TSMC is, so LockBit's demands for a $70 million ransom payment will likely be ignored.

Link(s):
https://www.bleepingcomputer.com/