Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

LockBit ransomware group claims TSMC scalp for $70m ransom, TSMC claims otherwise

In what could have been a nightmare for the global supply of semiconductors, the LockBit ransomware group claimed last week that it had struck the Taiwan Semiconductor Manufacturing Company.

user icon David Hollingworth
Mon, 03 Jul 2023
LockBit ransomware group claims TSMC scalp for $70m ransom, TSMC claims otherwise
expand image

However, TSMC has said its systems are unaffected by the attack since it was only targeted at a third-party supplier.

“TSMC has recently been aware that one of our IT hardware suppliers experienced a cyber security incident which led to the leak of information pertinent to server initial setup and configuration,” the company said in a statement.

“Upon review, this incident has not affected TSMC’s business operations, nor did it compromise any TSMC’s customer information.”

============
============

The supplier in question, IT service provider Kinmax, has backed TSMC’s claims and said in its own statement that an “internal specific testing environment” had been accessed and that “some information” was affected.

The apparent attack began on Wednesday last week (28 June), when a Twitter user known as Bassterlord began live tweeting a ransomware operation against TSMC. The now-deleted thread included screenshots suggesting access to TSMC’s network, including email and various network credentials.

On 29 June, the LockBit group’s data leak site listed TSMC as a victim, asking for a ransom of US$70 million.

“In the case of payment refusal, also will be published points of entry into the network and passwords and logins company,” LockBit’s notice read. The notice also said it would publish the purloined data on 6 August 2023.

Since the hack, TSMC has “terminated its data exchange” with Kinmax, and Kinmax itself has said that it has boosted its security.

“The company has thoroughly investigated this incident and implemented enhanced security measures to prevent such incidents from occurring in the future,” the Kinmax statement — seen by Bleeping Computer — read.

TSMC is big news when it comes to semiconductor manufacturing. It is the largest independent semiconductor foundry in the world and is the most valuable company in the sector, as well as Taiwan’s largest company. The company produces semiconductors on behalf of Apple, ARM, Nvidia, and AMD, among others.

TSMC’s revenue for the year ending 31 March 2023 amounted to US$74.8 billion.

Baasterlord himself seems to be an affiliate of LockBit, posting on 26 June that he will no longer be paying the 20 per cent affiliate fee the group demands.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.