In June 2023, Taiwan Semiconductor Manufacturing Company (TSMC), the world's leading microchip manufacturer, fell victim to a significant cyberattack orchestrated by the LockBit ransomware group. The attackers managed to breach TSMC's security and stole sensitive data, demanding a hefty ransom of $70 million for not releasing the stolen information. The breach specifically occurred due to a security incident at one of TSMC's IT providers, Kinmax Technology, during the initial setup and configuration of a server. This event highlighted the cascading risk third-party vendors can pose to global technology leaders. The company faced the threat of having their network entry points and access credentials publicly disclosed by the extortionists. This breach showcases the high stakes involved when leading technology companies are targeted, as it risks exposing critical supply chain details, proprietary technology, and sensitive corporate data.
Source: https://www.ptsecurity.com/ww-en/analytics/asia-cybersecurity-threatscape-2022-2023/
TPRM report: https://scoringcyber.rankiteo.com/company/taiwan-semiconductor-manufacturing-company-limited
"id": "tai010050824",
"linkid": "taiwan-semiconductor-manufacturing-company-limited",
"type": "Ransomware",
"date": "06/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Technology',
'location': 'Taiwan',
'name': 'Taiwan Semiconductor Manufacturing Company '
'(TSMC)',
'type': 'Company'},
{'industry': 'Technology',
'name': 'Kinmax Technology',
'type': 'IT Provider'}],
'attack_vector': 'Compromised Third-Party Vendor',
'data_breach': {'data_exfiltration': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Sensitive Corporate Data',
'Proprietary Technology',
'Supply Chain Details']},
'date_detected': 'June 2023',
'description': 'In June 2023, Taiwan Semiconductor Manufacturing Company '
"(TSMC), the world's leading microchip manufacturer, fell "
'victim to a significant cyberattack orchestrated by the '
'LockBit ransomware group. The attackers managed to breach '
"TSMC's security and stole sensitive data, demanding a hefty "
'ransom of $70 million for not releasing the stolen '
'information. The breach specifically occurred due to a '
"security incident at one of TSMC's IT providers, Kinmax "
'Technology, during the initial setup and configuration of a '
'server. This event highlighted the cascading risk third-party '
'vendors can pose to global technology leaders. The company '
'faced the threat of having their network entry points and '
'access credentials publicly disclosed by the extortionists. '
'This breach showcases the high stakes involved when leading '
'technology companies are targeted, as it risks exposing '
'critical supply chain details, proprietary technology, and '
'sensitive corporate data.',
'impact': {'data_compromised': ['Sensitive Corporate Data',
'Proprietary Technology',
'Supply Chain Details']},
'initial_access_broker': {'entry_point': 'Third-Party Vendor',
'high_value_targets': ['Network Entry Points',
'Access Credentials']},
'motivation': 'Financial Gain',
'post_incident_analysis': {'root_causes': 'Security Incident During Server '
'Setup'},
'ransomware': {'data_exfiltration': True,
'ransom_demanded': '$70 million',
'ransomware_strain': 'LockBit'},
'threat_actor': 'LockBit Ransomware Group',
'title': 'LockBit Ransomware Attack on TSMC',
'type': 'Ransomware',
'vulnerability_exploited': 'Security Incident During Server Setup'}