TSMC allegedly hacked by LockBit ransomware

TSMC, the world’s largest semiconductor manufacturer, has been listed on LockBit’s dark web blog, with the gang demanding $70 million for the stolen data. The company confirmed to Cybernews that one of its IT hardware suppliers experienced a cybersecurity incident.

Taiwan Semiconductor Manufacturing Company (TSMC), responsible for 65% of the world’s semiconductors and 90% of the high-end chips, appeared on LockBit’s blog late Thursday.

The attackers didn’t specify which type of data they might have stolen, but the cybercriminals are demanding a $70 million ransom to either destroy all the data or make it available for download.

The perpetrators have threatened to publish network entry points as well as login and password details if TSMC refuse to pay. However, the post did not include any data samples or other indications of the type of information the attackers may have got their hands on.

TSMC LockBit
TSMC posted on LockBit's leak site. Image by Cybernews.

TSMC “aware” of the cybersecurity incident

TSMC said the company is aware that one of its IT hardware suppliers was faced with a cyberattack “which led to the leak of information pertinent to server initial setup and configuration.

“Upon review, this incident has not affected TSMC’s business operations, nor did it compromise any TSMC’s customer information. After the incident, TSMC has immediately terminated its data exchange with this concerned supplier in accordance with the Company’s security protocols and standard operating procedures,” the company’s spokesperson told Cybernews.

According to a statement TSMC shared via email, attackers breached Kinmax Technologies, a systems integrator specializing in networking, host /cloud computing, storage, security, and database management. The company was breached early Thursday, June 29th.

“In the morning of June 29th, 2023, the company discovered that our internal specific testing environment was attacked, and some information was leaked. The leaked content mainly consisted of system installation preparation that the company provided to our customers,” reads Kinmax’s statement.

The breached company also issued an apology to its customers, saying that the leaked data included customer names, which “may have caused some inconvenience.

TSMC is sometimes dubbed the world’s most important company, as it takes the lion’s share of the global semiconductor market. The company employs over 65,000 staff and reported revenues exceeding $72 billion for 2022.

What is the LockBit ransomware gang?

The LockBit ransomware gang has been around since 2019 and is known for its malware of the same name. The gang has been dominating the ransomware game since early 2022, becoming the most prolific ransomware syndicate in the market.

It primarily employs the Ransomware-as-a-Service model (RaaS), keeping a portion of the ransom profits paid to the affiliates who carry out the attacks. The notorious ransom gang boasts more than 1,800 victims.

There’s little doubt that LockBit’s leader, nicknamed LockBitSupp, resides in Russia. The gang has also been linked with other prominent Russia-affiliated ransomware cartels, such as Conti and its successor Black Basta and DarkSide and its descendants BlackMatter and BlackCat/ALPHV.

The gang’s notoriety is best illustrated by the fact it sometimes posts over 20 victims in a single day, a volume that other cartels only manage to stretch over a whole quarter.

Recently, Mikhail Matveev, who the US believes resides in Kaliningrad and St Petersburg, has been charged in absentia with using LockBit and other ransomware strains to mount cyberattacks on American law enforcement agencies and other key targets.

Update on June 30th [08:25 AM GMT] with statements from TSMC and Kinmax Technologies.