Taiwan Semiconductor Manufacturing Co (TSMC, 台積電), the world’s largest contract chipmaker, on Friday said that no customer data were compromised in a cyberattack on one of its hardware suppliers.
Some information, including TSMC’s name, was leaked when the supplier was hacked on Thursday, but no TSMC data were stolen, the chipmaker said, without disclosing the name of the vendor.
After being informed of the cybersecurity breach, TSMC terminated the exchange of information with the supplier, in line with its security protocols and standard operating procedures, it said.
Photo: Reuters
TSMC’s hardware components are usually subject to extensive checks and adjustments, including security configurations, before being installed in its systems, it said.
The chipmaker said it remained committed to raising security awareness among its suppliers and ensuring that they comply with security standards.
Taiwanese law enforcement is investigating the incident, it said.
International news media reported that the attack was carried out by a Russia-linked ransomware gang called LockBit, which identified the Taiwanese chipmaker on its “dark Web” leak site on Thursday.
San Francisco-based technology news Web site TechCrunch said that the hardware supplier was Kinmax Technology (擎昊科技), an IT services and consulting group based in Hsinchu that specializes in networking, cloud computing, storage, security and database management.
The compromised information pertained to the initial setup and configuration of Kinmax’s servers, TechCrunch said.
LockBit was demanding TSMC pay US$70 million to prevent it from releasing data it claimed to have stolen from the chipmaker, TechCrunch quoted Equinix cyberthreat intelligence researcher William Thomas as saying.
TechCrunch said that TSMC had shared a copy of the communication it received from Kinmax, which showed that the supplier discovered on Thursday that its internal testing environment had been attacked and some information obtained.
The leaked data were largely information concerning the default configurations of system installations that the supplier provides to its customers, TechCrunch said, citing the Kinmax communication.
Kinmax has suggested that TSMC was not the only client affected by the attack, TechCrunch said.
Tech Web site Cybernews said that LockBit is known for its malware of the same name and has led numerous ransomware attacks since early last year, becoming the world’s most prolific ransomware syndicate.
LockBit has hit more than 1,800 companies, primarily using a “ransomware as a service” model to keep a portion of the profits that it pays to affiliates that carry out the attacks, Cybernews said.
LockBit claimed responsibility for a ransomware attack carried out in May against a plant in Mexico owned by Taiwan’s Hon Hai Precision Industry Co (鴻海精密), an iPhone assembler, TechCrunch reported.
Hon Hai, also known as Foxconn Technology Group (富士康科技集團), reported the attack, but has not disclosed how much money was demanded and whether it paid, TechCrunch said.
Tropical Storm Usagi strengthened to a typhoon yesterday morning and remains on track to brush past southeastern Taiwan from tomorrow to Sunday, the Central Weather Administration (CWA) said yesterday. As of 2pm yesterday, the storm was approximately 950km east-southeast of Oluanpi (鵝鑾鼻), Taiwan proper’s southernmost point, the CWA said. It is expected to enter the Bashi Channel and then turn north, moving into waters southeast of Taiwan, it said. The agency said it could issue a sea warning in the early hours of today and a land warning in the afternoon. As of 2pm yesterday, the storm was moving at
DISCONTENT: The CCP finds positive content about the lives of the Chinese living in Taiwan threatening, as such video could upset people in China, an expert said Chinese spouses of Taiwanese who make videos about their lives in Taiwan have been facing online threats from people in China, a source said yesterday. Some young Chinese spouses of Taiwanese make videos about their lives in Taiwan, often speaking favorably about their living conditions in the nation compared with those in China, the source said. However, the videos have caught the attention of Chinese officials, causing the spouses to come under attack by Beijing’s cyberarmy, they said. “People have been messing with the YouTube channels of these Chinese spouses and have been harassing their family members back in China,”
The Central Weather Administration (CWA) yesterday said there are four weather systems in the western Pacific, with one likely to strengthen into a tropical storm and pose a threat to Taiwan. The nascent tropical storm would be named Usagi and would be the fourth storm in the western Pacific at the moment, along with Typhoon Yinxing and tropical storms Toraji and Manyi, the CWA said. It would be the first time that four tropical cyclones exist simultaneously in November, it added. Records from the meteorology agency showed that three tropical cyclones existed concurrently in January in 1968, 1991 and 1992.
GEOPOLITICAL CONCERNS: Foreign companies such as Nissan, Volkswagen and Konica Minolta have pulled back their operations in China this year Foreign companies pulled more money from China last quarter, a sign that some investors are still pessimistic even as Beijing rolls out stimulus measures aimed at stabilizing growth. China’s direct investment liabilities in its balance of payments dropped US$8.1 billion in the third quarter, data released by the Chinese State Administration of Foreign Exchange showed on Friday. The gauge, which measures foreign direct investment (FDI) in China, was down almost US$13 billion for the first nine months of the year. Foreign investment into China has slumped in the past three years after hitting a record in 2021, a casualty of geopolitical tensions,
RSS