Taiwanese chipmaker TSMC could be facing one of the largest ransom demands in history amid reports that threat actors have gained access to sensitive company information.
An affiliate group of LockBit’s ransomware as a service offering, known as National Hazard Agency, claims to have gained access to TSMC network entry points as well as staff login details following a breach at third-party IT supplier Kinmax.
LockBit has officially listed TSMC on its dark web blog, setting the ransom demand at $70 million.
The blog listing from LockBit fails to provide additional information on the extent of the data compromised in the breach, nor does it provide samples to confirm what has been stolen.
LockBit has threatened that “in the case of payment refusal” it will publish stolen information on network entry points, as well as login details.
National Hazard Agency, a sub-clique of Lockbit ransomware group, has ransomed TSMC (Taiwan Semiconductor Manufacturing Company).The company has an estimated annual revenue of $57,220,000,000.National Hazard Agency is ransoming them for $70,000,000. pic.twitter.com/bXjzQ7SSXUJune 30, 2023
In a statement, Kinmax confirmed it had suffered a security breach, revealing that its “internal specific testing environment” had been compromised.
“The leaked content mainly consisted of system installation preparation that the company provided to our customer as default configurations,” Kinamax said.
TSMC operations “not affected” by breach
TSMC told ITPro that it was aware that an IT hardware supplier had experienced a security incident, confirming that leaked data pertained to “server initial setup and configuration”.
Supply chain as kill chain
Learn more about data hygiene, supply chain security, and omni-channel retail
However, the Taiwanese semiconductor giant has refuted claims that the attack has impacted its operations, adding that no customer information had been compromised in the breach.
“This incident has not affected TSMC’s business operations, nor did it compromise any TSMC customer information,” the firm said in a statement.
Upon discovery of the Kinmax incident, TSMC said it “immediately terminated” its data exchange with the supplier in accordance with company security protocols.
The firm is also working with law enforcement following the discovery.
“TSMC remains committed to enhancing the security awareness among its suppliers and making sure they comply with security standards,” the firm said.
“This cyber security incident is currently under investigation that involves a law enforcement agency.”
This latest LockBit ransom demand marks one of the largest ever from a hacker group, putting it on par with REvil’s infamous demand in the wake of the Kaseya breach.
Top 5 Highest Ransom Demands 📈🔘 Hive: MediaMarkt - $240m🔘 REvil: Acer - $100m🔘 REvil: Kaseya - $70m🔘 LockBit: TSMC - $70m 🆕🔘 LockBit: Pendragon - $60mHonourable mention:🔘 EvilCorp: CNA Financial - $40m (Paid)June 30, 2023
The hefty ransom also eclipses previous demands made by LockBit, specifically the Pendragon breach in 2022 that was set at $60 million.
In March 2021, Acer was targeted by REvil, the group that used to occupy the role of the most prolific ransomware organization, with a ransom set at a maximum $100 million.
The price was originally set at $50 million, a sum that REVil promised to increase sharply if it wasn’t paid quickly.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.
Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.