為達最佳瀏覽效果,建議使用 Chrome、Firefox 或 Microsoft Edge 的瀏覽器。

請至Edge官網下載 請至FireFox官網下載 請至Google官網下載
晴時多雲

限制級
您即將進入之新聞內容 需滿18歲 方可瀏覽。
根據「電腦網路內容分級處理辦法」修正條文第六條第三款規定,已於網站首頁或各該限制級網頁,依台灣網站分級推廣基金會規定作標示。 台灣網站分級推廣基金會(TICRF)網站:http://www.ticrf.org.tw

《TAIPEI TIMES》 No customer data stolen in hack of supplier: TSMC


A 3D-printed model of a person working on a computer is pictured in front of a screen displaying the word “cyberattack” in an illustration photograph taken on July 5, 2021.
Photo: Reuters

A 3D-printed model of a person working on a computer is pictured in front of a screen displaying the word “cyberattack” in an illustration photograph taken on July 5, 2021. Photo: Reuters

2023/07/02 03:00

/ Staff writer, with CNA

Taiwan Semiconductor Manufacturing Co (TSMC, 台積電), the world’s largest contract chipmaker, on Friday said that no customer data were compromised in a cyberattack on one of its hardware suppliers.

Some information, including TSMC’s name, was leaked when the supplier was hacked on Thursday, but no TSMC data were stolen, the chipmaker said, without disclosing the name of the vendor.

After being informed of the cybersecurity breach, TSMC terminated the exchange of information with the supplier, in line with its security protocols and standard operating procedures, it said.

TSMC’s hardware components are usually subject to extensive checks and adjustments, including security configurations, before being installed in its systems, it said.

The chipmaker said it remained committed to raising security awareness among its suppliers and ensuring that they comply with security standards.

Taiwanese law enforcement is investigating the incident, it said.

International news media reported that the attack was carried out by a Russia-linked ransomware gang called LockBit, which identified the Taiwanese chipmaker on its “dark Web” leak site on Thursday.

San Francisco-based technology news Web site TechCrunch said that the hardware supplier was Kinmax Technology (擎昊科技), an IT services and consulting group based in Hsinchu that specializes in networking, cloud computing, storage, security and database management.

The compromised information pertained to the initial setup and configuration of Kinmax’s servers, TechCrunch said.

LockBit was demanding TSMC pay US$70 million to prevent it from releasing data it claimed to have stolen from the chipmaker, TechCrunch quoted Equinix cyberthreat intelligence researcher William Thomas as saying.

TechCrunch said that TSMC had shared a copy of the communication it received from Kinmax, which showed that the supplier discovered on Thursday that its internal testing environment had been attacked and some information obtained.

The leaked data were largely information concerning the default configurations of system installations that the supplier provides to its customers, TechCrunch said, citing the Kinmax communication.

Kinmax has suggested that TSMC was not the only client affected by the attack, TechCrunch said.

Tech Web site Cybernews said that LockBit is known for its malware of the same name and has led numerous ransomware attacks since early last year, becoming the world’s most prolific ransomware syndicate.

LockBit has hit more than 1,800 companies, primarily using a “ransomware as a service” model to keep a portion of the profits that it pays to affiliates that carry out the attacks, Cybernews said.

LockBit claimed responsibility for a ransomware attack carried out in May against a plant in Mexico owned by Taiwan’s Hon Hai Precision Industry Co (鴻海精密), an iPhone assembler, TechCrunch reported.

Hon Hai, also known as Foxconn Technology Group (富士康科技集團), reported the attack, but has not disclosed how much money was demanded and whether it paid, TechCrunch said.

新聞來源:TAIPEI TIMES

不用抽 不用搶 現在用APP看新聞 保證天天中獎  點我下載APP  按我看活動辦法

焦點今日熱門
看更多!請加入自由時報粉絲團

網友回應

載入中
此網頁已閒置超過5分鐘,請點擊透明黑底或右下角 X 鈕。