Microchip Technology

In 2023, Microchip Technology, an American semiconductor manufacturer, was targeted by the Play ransomware group. The attack involved encrypted devices and the theft of significant amounts of data. The Play group initially accessed the company’s systems through vulnerabilities in remote monitoring tools like SimpleHelp. The ransomware operators recompiled the malware for each attack, making it difficult for defenders to detect and stop the ransomware. The attack had a profound impact on the company's operations and data security.

Source: https://therecord.media/play-ransomware-gang-fbi-update-900-attacks

TPRM report: https://scoringcyber.rankiteo.com/company/microchip-technology

"id": "mic740060625",
"linkid": "microchip-technology",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'industry': 'Government',
                        'location': 'USA',
                        'name': 'Oakland',
                        'type': 'City'},
                       {'industry': 'Government',
                        'location': 'USA',
                        'name': 'Lowell, Massachusetts',
                        'type': 'City'},
                       {'industry': 'Government',
                        'location': 'USA',
                        'name': 'Dallas County',
                        'type': 'County'},
                       {'industry': 'Semiconductor Manufacturing',
                        'location': 'USA',
                        'name': 'Microchip Technology',
                        'type': 'Company'},
                       {'industry': 'Government',
                        'location': 'USA',
                        'name': 'County Government in Indiana',
                        'type': 'County'},
                       {'industry': 'IT',
                        'location': 'Switzerland',
                        'name': 'IT provider in Switzerland',
                        'type': 'Company'}],
 'attack_vector': ['Email', 'Telephone'],
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'type_of_data_compromised': ['Stolen citizen data']},
 'date_detected': '2022-06-01',
 'date_publicly_disclosed': '2023-05-01',
 'description': 'More than 900 organizations have been hit by cyberattacks '
                'from the Play ransomware gang since it emerged in 2022, '
                'making it one of the most threatening cybercrime groups '
                'currently active.',
 'impact': {'data_compromised': ['Stolen citizen data'],
            'systems_affected': ['Encrypted devices']},
 'initial_access_broker': {'entry_point': ['Email', 'Telephone']},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain',
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransom_demanded': True,
                'ransomware_strain': 'Play'},
 'references': [{'source': 'FBI'},
                {'source': 'CISA'},
                {'source': 'Australia’s cybersecurity agency'},
                {'source': 'Trend Micro'},
                {'source': 'Palo Alto Networks’ Unit42'}],
 'response': {'law_enforcement_notified': ['FBI',
                                           'CISA',
                                           'Australia’s cybersecurity agency']},
 'threat_actor': ['Play ransomware group',
                  'North Korea’s Reconnaissance General Bureau'],
 'title': 'Play Ransomware Attacks',
 'type': 'Ransomware',
 'vulnerability_exploited': 'CVE-2024-57727'}