TSMC, the world’s largest semiconductor manufacturing company, has apparently been hit by a cyberattack at the hands of Russian ransomware gang LockBit. The business has appeared on the gang’s dark web victim blog, with LockBit demanding a $70m ransom for the stolen data.

TSMC hit by cyberattack at the hands of LockBit. (Photo by Vidpen/Shutterstock)

TSMC says one of its suppliers, IT services provider Kinmax, has been breached, which may have led to the chipmaker’s data being stolen.

TSMC cyberattack: LockBit demanding $70m ransom

Based in Taiwan, TSMC is perhaps the most important company in the semiconductor supply chain, manufacturing 95% of the world’s leading-edge chips for companies such as Apple, AMD, Nvidia and Qualcomm. Its annual revenue last year was $74.9bn.

LockBit has not specified the amount of data it managed to lift from the company, but it has set a deadline of 6 August for payment of the ransom, or it claims it will release the data onto the dark web for all to see.

The blog also gives the option to extend the timer for 24 hours for the price of $5,000, or to destroy all information or download all data at any moment for $70m. 

TSMC has issued a statement saying that it is aware of an intrusion into its systems via a third-party hardware supplier, “which led to the leak of information pertinent to server initial setup and configuration.” It claims no customer data was exposed in the breach.

“After the incident, TSMC has immediately terminated its data exchange with this concerned supplier in accordance with the company’s security protocols and standard operating procedures,” the statement added.

Kinmax Technologies specialises in networking, cloud computing, storage, security and database management. The company was apparently breached on 29 June, and says its “internal specific testing environment was attacked, and some information was leaked”. The leaked content “mainly consisted of system installation preparation that the company provided to our customers,” Kinmax said.

LockBit strikes again

LockBit is a Russian ransomware gang that emerged onto the cybercriminal landscape in 2019. Up to the first quarter of 2023, LockBit has had a total of 1,653 alleged victims, according to a report released by US cybersecurity agency CISA.

The cybercrime group has gained about $91m in ransoms from US victims since its first reported attack in January 2020, the report says. 

Lockbit is responsible for numerous high-profile attacks in the UK. So far this year the gang held the Royal Mail to ransom, demanding $80m in Bitcoin. The company did not pay up, calling the demands “ridiculous,” and the gang responded by posting the data, alongside copies of the negotiations between LockBit and Royal Mail’s representatives, online.

It also stole customer data from UK high street retailer WH Smith. The attack targeted personally identifiable information of current and former employees. There has been no indication since of whether or not the company paid the ransom.

Read more: NHS data exposed in University of Manchester cyberattack