TSMC Refutes LockBit’s Claim of Cyberattack Amid $70M Ransom

Taiwan Semiconductor Manufacturing Company (TSMC), a titan in the global chipmaking industry, has rejected claims that it fell victim to a cyberattack, following an assertion by the LockBit ransomware group. The notorious gang had demanded an astronomical ransom of $70 million to prevent the exposure of stolen data.

TSMC is a colossus in the semiconductor manufacturing industry, its products integral to an extensive range of devices. Its repertoire encompasses smartphones, high-performance computing systems, IoT devices, automotive technology, and digital consumer electronics.

Alleged LockBit Ransomware Attack on TSMC

Last Wednesday, a cyber-criminal known as Bassterlord, who is associated with the LockBit group, claimed to have launched a ransomware attack on TSMC. The claim was backed by tweeted screenshots purporting to show significant access to TSMC’s systems.

The presented evidence seemingly featured email addresses, access to applications, and credentials for various internal systems. However, the incriminating Twitter thread has since been deleted.

LockBit’s Ultimatum

Following the thread’s deletion, LockBit created a fresh entry for TSMC on their data leak website. The group demanded $70 million to refrain from publishing stolen data and sensitive information.

“In the case of payment refusal, points of entry into the network and company passwords and logins will be published,” stated the LockBit data leak entry regarding TSMC.

TSMC’s Rebuttal

Countering these claims, a TSMC spokesperson told BleepingComputer that its systems were not breached. The actual victim was one of its IT hardware suppliers, Kinmax Technology.

“We have recently been made aware of a cybersecurity incident involving one of our IT hardware suppliers,” stated the spokesperson. “This incident led to the leakage of information related to server initial setup and configuration.”

TSMC also assured that every piece of hardware undergoes meticulous checks and adjustments, including security configurations, before being incorporated into TSMC’s system. They confirmed the incident had neither impacted business operations nor compromised customer data.

TSMC Ceases Data Exchange with Breached Supplier

In addition to affirming its systems were uncompromised, TSMC also announced the termination of data exchange with the breached supplier until further clarity. The semiconductor giant reinforced its commitment to enhancing security awareness among its suppliers and ensuring compliance with security standards.

The investigation into the cyberattack is ongoing, with a law enforcement agency also involved.

Kinmax’s Statement on LockBit

The beleaguered supplier, Kinmax, released a statement acknowledging a compromise in a specific testing environment within its network on June 29, 2023. It discovered that the intruders had managed to exfiltrate data, mainly regarding client system installation and configuration guidance.

Given Kinmax’s stature compared to TSMC, it’s unlikely LockBit’s $70 million ransom demand will garner any response.

The $70 million ransom demand is among the largest to date, further muddying the waters of who exactly fell victim to this cyberattack. Other hefty ransom demands have included a $50 million ransom for Acer, $50 million in an attack on CNA, $70 million in the Kaseya supply chain attack, and an overwhelming $240 million in an attack on MediaMarkt.