TSMC Refuses to Pay $70 Million Ransom after Lockbit Falsely Claims Its Affiliates Hacked the Giant Chipmaker

LockBit ransomware operators tried to extort a whopping $70 million out of Taiwanese chipmaker TSMC, claiming they had hacked the company’s systems to steal precious internal data.

Taiwan Semiconductor Manufacturing Company (TSMC) is the world’s biggest and most valuable semiconductor contract manufacturer and designer. It serves leading fabless semiconductor companies such as AMD, Apple, ARM, Broadcom, Marvell, MediaTek, Qualcomm and Nvidia.

Last week, a LockBit affiliate under the screen name of Bassterlord live-tweeted what he claimed was a ransomware attack on the chipmaking giant, sharing screenshots that allegedly depicted email addresses, access to applications, and credentials for various internal TSMC systems.

Soon after, the LockBit ransomware operation posted an entry for TSMC on their data leak site, claiming responsibility for a breach and demanding a $70 million ransom to keep the stolen data private.

"In the case of payment refusal, also will be published points of entry into the network and passwords and logins company," the LockBit gang said, according to Bleeping Computer.

A TSMC spokesperson denied the company was hacked, telling the cyber news site that one of its IT hardware suppliers, Kinmax Technology, was hacked instead.

Kinmax Technology is a systems integrator specialized in networking, host /cloud computing, storage, security and database management.

"TSMC has recently been aware that one of our IT hardware suppliers experienced a cybersecurity incident which led to the leak of information pertinent to server initial setup and configuration," the spokesperson said.

"At TSMC, every hardware component undergoes a series of extensive checks and adjustments, including security configurations, before being installed into TSMC's system."

"Upon review, this incident has not affected TSMC's business operations, nor did it compromise any TSMC's customer information."

In fact, TSMC immediately terminated its data exchange with the supplier following news of the attack, with the spokesperson adding that “TSMC remains committed to enhancing the security awareness among its suppliers and making sure they comply with security standards.”

Kinmax confirmed the incident, saying in a statement that leaked information mainly consisted of system installation preparation that the company provided to clients as default configurations.

LockBit is said to be the most deployed type of ransomware across the globe. According to the FBI, the group and its affiliates made some $91 million in 2022 solely from extorting victims in the US.