Taiwan Semiconductor Manufacturing Co (TSMC, 台積電), the world’s largest contract chipmaker, on Friday said that no customer data were compromised in a cyberattack on one of its hardware suppliers.
Some information, including TSMC’s name, was leaked when the supplier was hacked on Thursday, but no TSMC data were stolen, the chipmaker said, without disclosing the name of the vendor.
After being informed of the cybersecurity breach, TSMC terminated the exchange of information with the supplier, in line with its security protocols and standard operating procedures, it said.
Photo: Reuters
TSMC’s hardware components are usually subject to extensive checks and adjustments, including security configurations, before being installed in its systems, it said.
The chipmaker said it remained committed to raising security awareness among its suppliers and ensuring that they comply with security standards.
Taiwanese law enforcement is investigating the incident, it said.
International news media reported that the attack was carried out by a Russia-linked ransomware gang called LockBit, which identified the Taiwanese chipmaker on its “dark Web” leak site on Thursday.
San Francisco-based technology news Web site TechCrunch said that the hardware supplier was Kinmax Technology (擎昊科技), an IT services and consulting group based in Hsinchu that specializes in networking, cloud computing, storage, security and database management.
The compromised information pertained to the initial setup and configuration of Kinmax’s servers, TechCrunch said.
LockBit was demanding TSMC pay US$70 million to prevent it from releasing data it claimed to have stolen from the chipmaker, TechCrunch quoted Equinix cyberthreat intelligence researcher William Thomas as saying.
TechCrunch said that TSMC had shared a copy of the communication it received from Kinmax, which showed that the supplier discovered on Thursday that its internal testing environment had been attacked and some information obtained.
The leaked data were largely information concerning the default configurations of system installations that the supplier provides to its customers, TechCrunch said, citing the Kinmax communication.
Kinmax has suggested that TSMC was not the only client affected by the attack, TechCrunch said.
Tech Web site Cybernews said that LockBit is known for its malware of the same name and has led numerous ransomware attacks since early last year, becoming the world’s most prolific ransomware syndicate.
LockBit has hit more than 1,800 companies, primarily using a “ransomware as a service” model to keep a portion of the profits that it pays to affiliates that carry out the attacks, Cybernews said.
LockBit claimed responsibility for a ransomware attack carried out in May against a plant in Mexico owned by Taiwan’s Hon Hai Precision Industry Co (鴻海精密), an iPhone assembler, TechCrunch reported.
Hon Hai, also known as Foxconn Technology Group (富士康科技集團), reported the attack, but has not disclosed how much money was demanded and whether it paid, TechCrunch said.
Tropical Storm Gaemi strengthened into a typhoon at 2pm yesterday, and could make landfall in Yilan County tomorrow, the Central Weather Administration (CWA) said yesterday. The agency was scheduled to issue a sea warning at 11:30pm yesterday, and could issue a land warning later today. Gaemi was moving north-northwest at 4kph, carrying maximum sustained winds near its center of up to 118.8kph and gusts of 154.8kph. The circumference is forecast to reach eastern Taiwan tomorrow morning, with the center making landfall in Yilan County later that night before departing from the north coast, CWA weather forecaster Kuan Shin-ping (官欣平) said yesterday. Uncertainty remains and
SEA WARNING LIKELY: The storm, named Gaemi, could become a moderate typhoon on Wednesday or Thursday, with the Taipei City Government preparing for flooding A tropical depression east of the Philippines developed into a tropical storm named Gaemi at 2pm yesterday, and was moving toward eastern Taiwan, the Central Weather Administration (CWA) said. Gaemi could begin to affect Taiwan proper on Tuesday, lasting until Friday, and could develop into a moderate typhoon on Wednesday or Thursday, it said. A sea warning for Gaemi could be issued as early as Tuesday morning, it added. Gaemi, the third tropical storm in the Pacific Ocean this typhoon season, is projected to begin moving northwest today, and be closest to Taiwan on Wednesday or Thursday, the agency said. Today, there would likely
DISRUPTIONS: The high-speed rail is to operate as normal, while several airlines either canceled flights or announced early departures or late arrivals Schools and offices in 15 cities and counties are to be closed today due to Typhoon Gaemi, local governments announced last night. The 15 are: Taipei, New Taipei City, Taoyuan, Tainan, Keelung, Hsinchu and Kaohsiung, as well as Yilan, Hualien, Hsinchu, Miaoli, Chiayi, Pingtung, Penghu and Lienchiang counties. People should brace for torrential rainfall brought by the storm, with its center forecast to make landfall on the east coast between tonight and tomorrow morning, the Central Weather Administration (CWA) said. The agency issued a sea warning for the typhoon at 11:30pm on Monday, followed by a land warning at 11:30am yesterday. As of
CASUALTY: A 70-year-old woman was killed by a falling tree in Kaohsiung as the premier warned all government agencies to remain on high alert for the next 24 hours Schools and offices nationwide are to be closed for a second day today as Typhoon Gaemi crosses over the nation, bringing torrential rain and whipping winds. Gaemi was forecast to make landfall late last night. From Tuesday night, its outer band brought substantial rainfall and strong winds to the nation. As of 6:15pm last night, the typhoon’s center was 20km southeast of Hualien County, Central Weather Administration (CWA) data showed. It was moving at 19kph and had a radius of 250km. As of 3pm yesterday, one woman had died, while 58 people were injured, the Central Emergency Operation Center said. The 70-year-old