Hacker collective LockBit has obtained company information from chipmaker TSMC. The data breach resulted from a security incident at a supplier of IT services to the company. Hackers seem increasingly interested in such indirect attacks.
Ransomware group LockBit announced it had stolen data from TSMC. They give no proof of their claim but say they will make the data public if a $70 million ransom is not paid.
According to the group, the stolen data are already passwords and logins. In addition to ways to access the network.
‘TSMC not hacked’
TSMC is one of the largest chip companies in the world. Its customers include Nvidia, AMD, Apple, Qualcomm and Broadcom. So much interesting information about processors and machines can be found there, but that will be almost impossible to find in the stolen data. “TSMC has been aware since recently that one of our IT hardware suppliers experienced a cyber security incident, which led to the data leak through the initial server installation and configuration,” a company spokesperson told The Register.
The manufacturer does not expect major consequences: “The leak did not affect TSMC’s business operations, nor did it compromise TSMC’s customer information.”
Third-party data breach
So the ransomware group could defuse the data through a third-party supplier. There are strong suspicions that the IT supplier in this story involves Kinmax Technology.
This hardware supplier noted that hackers had accessed the company’s test environment late last week. The company shared in a notice that the hackers were unable to capture much data: “The leaked content consisted primarily of system installation preparation that the company provided to our customers as standard configurations.”
“The company has thoroughly investigated this incident and implemented enhanced security measures to prevent such incidents in the future,” the notification concluded.
Easy target for big catch
Hackers are increasingly trying to break in through a third-party supplier. In fact, hackers are looking for an easy target to bring in the big catch.
Typically, IT service providers have to get by on less budget to make their online environment secure. Moreover, not everyone takes cybersecurity so seriously. Security certification should provide a solution, but such certifications are far from foolproof due to assessment methods.
At Kinmax Technology, there are a lot of big fishes to catch. According to the Web site, Nvidia, HPE, Cisco, Microsoft, Citrix and VMware are also customers. It is not clear whether they, too, have fallen victim to LockBit.
More in demand
A striking example from the past that highlights how far-reaching a third-party data breach can be is the SolarWinds hack. This software was used by many large parties, including the U.S. government, the majority of Fortune 500 companies and security firm FireEye, which uncovered the attack.
With the threat of LockBit hanging over their heads, TSMC and Kinmax Technology will have to decide who is responsible for the data breach quickly. Those are always tricky issues in a third-party data breach. TSMC must check the security of its IT suppliers, while the hackers broke into the supplier’s environment. Both are at fault, but no one will want to pay for the cost of the data breach.