iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Major US chipmaker Microchip Technology Incorporated has confirmed that the threat actors behind last month’s cyber attack exfiltrated employee data.
On 20 August, the company announced that a cyber attack had affected its operations and that some of its systems had been taken down to isolate the incident.
Now, Microchip Technology has confirmed that while systems are back online and manufacturing is mostly restored, it was able to confirm that employee data was exfiltrated.
“While the investigation is continuing, the company believes that the unauthorised party obtained information stored in certain company IT systems, including, for example, employee contact information and some encrypted and hashed passwords. We have not identified any customer or supplier data that has been obtained by the unauthorised party,” the company said.
“The company is aware that an unauthorised party claims to have acquired and posted online certain data from the company’s systems. The company is investigating the validity of this claim with assistance from its outside cyber security and forensic experts.”
As Microchip Technology mentioned, the attack on the company was claimed by threat actors from the Play ransomware gang.
The group said some data had already been published, but it said that if Microchip does not meet its demands, it will publish the rest.
“Private and personal confidential data, clients documents, budget, payroll, accounting, contracts, taxes, IDs, finance information and etc.,” said Play.
“For now, part of the data have been published. If there [is] no reaction, full dump will be uploaded.”
Attacks on chip manufacturers aren’t new and can have a detrimental effect on technology supply chains.
Just last year, the National Intelligence Service (NIS) of South Korea identified a North Korean hacking campaign targeting chip and semiconductor manufacturers.
The hacking campaign lasted from the middle of 2023 until early 2024 and involved attempts to compromise multiple chip manufacturers.
In at least two cases, the hackers were able to exfiltrate data in December 2023 and February 2024, respectively. In both instances, the North Korean threat actor was able to steal “product design drawings” and site photos of the targeted manufacturing facilities.
“The NIS believes the cyber attacks are part of a wider effort by North Korea to kickstart its own semiconductor industry. International sanctions restrict the sale of semiconductors to the rogue nation, while at the same time, North Korea is expanding its satellite and missile development programs – two very high-demand industries when it comes to semiconductors.
“As to the nature of the attacks, the North Korean hackers relied upon stealthy living-off-the-land techniques to evade detection on South Korean networks.”
Be the first to hear the latest developments in the cyber industry.
