Luckily for TSMC, its business operations and customer information were not compromised, according to a spokesperson. The TSMC spokesperson, who strangely would not share their name, said that the company has terminated its data exchange with Kinmax in accordance with its security protocols.
Contrary to what the two companies are saying, the hackers have demanded $70 million from TSMC, or otherwise they would publish the stolen data. It’s not clear how much the hackers were able to steal, but Kinmax says it was just installation configuration files.
Top 5 Highest Ransom Demands 📈
🔘 Hive: MediaMarkt - $240m
🔘 REvil: Acer - $100m
🔘 REvil: Kaseya - $70m
🔘 LockBit: TSMC - $70m 🆕
🔘 LockBit: Pendragon - $60m
🔘 EvilCorp: CNA Financial - $40m (Paid)
— Will (@BushidoToken) June 30, 2023
Kinmax has several other high-profile customers including NVIDIA, HPE, Cisco, Microsoft, Citrix, and VMware. TechCrunch said that NVIDIA declined to comment on the incident and that it has received no response from the others. It’s likely they’re in the same boat as TSMC.
Explaining what had happened in the breach, Kinmax published the following statement:
“On the morning of June 29, 2023, the company discovered that in the company's internal specific test environment, it was attacked by an external group and retrieved relevant information. On the same day, we completed the notification and apologized to the customer, and at the same time invited a third-party information security team to work with the customer to do damage control.
The environment under attack is the engineering test area. This is the system installation environment prepared for customers. The captured content is parameter information such as installation configuration files. However, because the company name of a specific customer is used, it has attracted the attention of cyber attack groups, and try to obtain the customer's sensitive information through this channel.
Since the above information has nothing to do with the actual application of the customer, it is only the basic setting at the time of shipment. At present, no damage has been caused to the customer, and the customer has not been hacked by it.
The company has shut down the infected section, and the third-party information security team has also assessed that the environment of the remaining network sections is normal and undamaged. At the same time, it continues to assist us in clarifying the risk footprint, reviewing, improving and strengthening information security measures.
The company's operating conditions are all normal and have not caused substantial losses to the company. At the same time, the investigation bureau has also completed the filing of the case and has entered the stage of criminal investigation.”
Neowin has been covering LockBit for a while now. Last July we reported that Microsoft Defender was being used to infect PCs. Last month, we also reported that the US Department of the Treasury had sanctioned Mikhail Matveev, one of the alleged creators of LockBit, Russia-linked malware.
The US accused Matveev of using such software to attack US law enforcement, businesses, and critical infrastructure. At the time, the US put a $10 million reward out for any information that led to his arrest or conviction.
Source and image: TechCrunch