Hmm
"The post included four documents that were allegedly part of the data LockBit obtained. The documents, which included an email, brochure, and what looked like configuration settings, made only oblique references to TSMC and, at first glance, appeared to include no sensitive information.
Like many of the ransomware groups in existence, LockBit operates under a ransomware-as-a-service business model, in which the developers of the LockBit malware lease it to affiliates. The affiliates attempt to breach the networks of organizations and, when successful, use the LockBit ransomware to encrypt data. If the victim pays a ransom, the affiliates share a portion with the developers.
LockBit was first observed in 2019 and has gone through several transitions. It was referred to as ABCD, a reference to the extension appended to files it encrypted. Later, the extension changed to LockBit. Last June, the developers released LockBit 2.0 as part of an advertising campaign aimed at recruiting new affiliates. The group has successfully extorted $91 million since 2020, the Cybersecurity and Information Security Agency said recently. As of July 2021, there were 9,955 submissions to ID Ransomware, an online tool that helps the ransomware victims identify which ransomware has encrypted their files. Security firm Emsisoft has more about LockBit here.
TSMC said that every hardware component installed in its network must first undergo “extensive checks and adjustments” that include security configurations. The breach remains under an investigation that involves a law enforcement agency, the chipmaker said.
Kinmax offered “sincere apologies to the affected customers.” Use of the plural suggested TSMC wasn’t the only Kinmax customer to have data stolen in the breach. Kinmax didn’t elaborate. Earlier on Friday, the Kinmax website listed partners, including companies HPE, Aruba, Cisco, Microsoft, Citrix, Red Hat, and VMware. The site removed those references shortly before this post went live on Ars.
The Kinmax breach comes two weeks after the US Justice Department announced it had arrested Ruslan Magomedovich Astamirov (АСТАМИРОВ, Руслан Магомедовичь), a 20-year-old Russian national, for his alleged participation in several LockBit ransomware attacks in the US and elsewhere. One day earlier, the LockBit site claimed it hacked Indian pharmaceutical company Granules India and published a large trove of documents the group said it had obtained."
Source: https://arstechnica.com/security/20...as-swept-up-in-a-hack-on-a-hardware-supplier/
