TSMC, the world’s largest contract chipmaker, confirmed a data compromise after being targeted by the LockBit ransomware gang.
Thursday’s dark web dump by Russia-linked LockBit malware listed TSMC. The gang wants $70 million to publish data stolen from the corporation, which controls 60% of the global foundry industry. Equinix cyber threat intelligence specialist William Thomas calls this one of the highest ransom requests ever.
“In case of payment refusal, also will be published points of entry into the network and passwords and logins company,” LockBit said. The group failed to prove it stole data.
A TSMC spokesperson, who emailed TechCrunch from a generic press email account and refused to give their name, confirmed that a “cybersecurity incident” at Kinmax Technology, one of the company’s IT hardware suppliers, leaked “information pertinent to server initial setup and configuration.”
“Upon review, this incident has not affected TSMC’s business operations or compromised any customer information,” the representative said. “After the incident, TSMC immediately terminated its data exchange with this concerned supplier in accordance with the Company’s security protocols and standard operating procedures.”
Kinmax Technology, a networking, cloud computing, storage, security, and database management IT services and consulting firm, sent TSMC a copy of its communication.
“In the morning of June 29, 2023, the Company discovered that our internal specific testing environment was attacked, and some information was leaked,” Kinmax stated. “The leaked content was mostly system installation preparation that the Company provided to our customers as default configurations.”
Kinmax “would like to express our sincere apologies to the affected customers,” suggesting TSMC wasn’t its only partner harmed by the issue.
Kinmax Technology vice president Eric Huang declined to identify how many clients were affected.
Kinmax lists HPE, Cisco, Microsoft, Citrix, and VMware as partners on their websites. None of these organizations have responded to TechCrunch’s inquiry, so it’s unclear if the incident affected them.
This latest intrusion comes weeks after the U.S. Justice Department arrested and charged a Russian individual for his alleged role in multiple LockBit ransomware attacks on U.S. and international victims. LockBit claimed a ransomware attack against Indian pharmaceutical firm Granules India on the day of this arrest.