TSMC supplier hacked by LockBit ransomware group

July 11, 2023 - TuxCare PR Team

The world’s largest chipmaker, Taiwan Semiconductor Manufacturing Company (TSMC), has revealed that one of its suppliers, Kinmax Technology, was attacked by the LockBit ransomware organization. It said critical information, including server setup and configuration data, was stolen during the attack.

The LockBit ransomware organisation claims to have successfully broken into TSMC, which TSMC disputes. However, it explains that the vulnerability was caused by its supplier, Kinmax Technology. Regardless, LockBit is demanding a $70 million ransom on or before August 6, claiming access to extremely sensitive information.

TSMC also stated that it acted quickly after learning about the cybersecurity problem involving one of its IT hardware vendors. It went on to say that the hack exposed information relating to the initial server setup and configuration, that it has discontinued its data exchange with Kinmax Technology, and that no customer information was stolen. TSMC included that every hardware component is thoroughly tested and configured before being incorporated into its systems.

Kinmax Technology stated that on June 29, it found a compromise in its internal unique testing environment, which resulted in the disclosure of some information. An unauthorized group gained access and obtained configuration files and parameter information. The stolen material mostly comprised of system installation preparation, which Kinmax Technology supplies as default setups to its clients.

Kinmax Technology has also expressed heartfelt apologies to the affected customers, whose names were included in the leaked information, potentially causing some inconvenience, and stated that it is conducting a thorough investigation into the incident and has implemented enhanced security measures to prevent similar incidents in the future.

The sources for this piece include an article in SecurityWeek.

Summary