Us, hacked by LockBit? No, says TSMC, that would be our IT supplier

Following claims by ransomware gang LockBit that it has stolen data belonging to TSMC, the chip-making giant has said it was in fact one of its equipment suppliers, Kinmax, that was compromised by the crew, and not TSMC itself.

On Thursday, the gang claimed on its website that it had managed to break into TSMC’s systems, and unless a ransom of $70 million was paid, the exfiltrated info – including network login credentials for the manufacturer’s IT network – would be leaked online.

One of the criminal gang’s affiliates, calling itself the National Hazard Agency, shared screenshots of directory listings of what was said to be the stolen files. The crooks said TSMC has an August 6 deadline to cough up.

When contacted by The Register about the break-in, TSMC said it was a third-party supplier — not the chip manufacturer itself — that was breached by the ransomware gang. The Taiwanese giant, which makes chips for Nvidia, AMD, Apple, and others, downplayed the impact of the theft. It doesn’t sound as though the intrusion was entirely uneventful for TSMC, but it’s not like the miscreants made off with, say, blueprints for factories and processors, or so it seems.

“TSMC has recently been aware that one of our IT hardware suppliers experienced a cybersecurity incident, which led to the leak of information pertinent to server initial setup and configuration,” a company spokesperson said, adding that the intrusion is under investigation by law enforcement.

The security breach “has not affected TSMC’s business operations, nor did it compromise any TSMC’s customer information,” the spokesperson added. “After the incident, TSMC has immediately terminated its data exchange with this supplier in accordance with the company’s security protocols and standard operating procedures.”

The silicon baker also pledged to help its suppliers improve their security awareness, and said it remained committed to “making sure they comply with security standards.”

While TSMC did not name Kinmax in its statement, the spokesperson directed further questions about the breach to Eric Huang, vice president of Kinmax Technology, and also shared a letter it received from the smaller biz about the break-in.

According to the supplier’s statement, it first became aware of the intrusion on the morning of June 29, after discovering that its internal specific testing environment had been breached and “some information” had been leaked.

“The leaked content mainly consisted of system installation preparation that the company provided to our customers as default configurations,” the Kinmax letter said.

“We would like to express our sincere apologies to the affected customers, as the leaked information contained their names which may have caused some inconvenience,” it continued. “The company has thoroughly investigated this incident and implemented enhanced security measures to prevent such incidents from occurring in the future.”

Huang did not immediately respond to The Register’s inquiries, and TSMC did not answer our question about whether it would pay the $70 million demand.

LockBit remains an especially prolific ransomware-as-a-service gang, and the group’s affiliates remain a global scourge, costing US victims alone more than $90 million from roughly 1,700 attacks since 2020, we’re told. ®