
Cyber Incident Victim: Kinmax Technology

Date: May 2023

Location: Taiwan

Summary

A Russian-speaking cybercriminal group using LockBit ransomware breached Taiwanese hardware supplier Kinmax Technology. The attackers stole data from Kinmax's internal testing environment, which contained system configuration preparations for its customers, and subsequently issued a $70 million ransom demand to TSMC. The incident did not impact TSMC's business operations or compromise its customer data, though it did result in the termination of data exchange with the affected supplier.


Description

On or around May 31, 2023, Taiwanese semiconductor hardware supplier Kinmax Technology experienced a cybersecurity incident. The breach was publicly claimed by the Russian-speaking cybercriminal group known as LockBit on May 31, 2023. The group asserted they had successfully exfiltrated data from Kinmax and named TSMC, one of the world's largest chipmakers and a key client of Kinmax, as an associated victim. The attackers issued a ransom demand of seventy million dollars directed at the semiconductor firm.

TSMC, a critical supplier to Apple and other major technology companies, confirmed the data breach on June 1, 2023. The company stated that the incident was a breach of its hardware supplier, Kinmax, and not a direct compromise of TSMC's own internal systems. TSMC was quick to assure its investors and the public that the incident had no impact on its business operations. The company further stated that no customer data was compromised as a result of the attack on its supplier.

Kinmax Technology, in a statement distributed by TSMC, provided details on the nature of the compromised data. The investigation determined that the hackers had gained access to Kinmax's internal "testing environment." This environment is used for the technology the company prepares to deliver to its customers. The leaked content was characterized as consisting mainly of system installation preparation materials that Kinmax provides to its customers as default configurations. The company issued an apology, noting that customer names may have been present within the leaked data sets.

In response to the incident, TSMC took immediate action to contain the potential threat. Following its established security protocols and standard operating procedures, TSMC immediately terminated its data exchange with the concerned supplier, Kinmax. This action was taken to isolate the breach and prevent any potential lateral movement from the supplier's compromised systems into TSMC's own network. Representatives from both TSMC and Kinmax did not respond to media inquiries regarding whether any ransom would be paid to the threat actors, and there were no public indications that either company had any plans to meet the hackers' financial demands.

The LockBit group, which claimed responsibility for the attack, is a well-known ransomware operation. LockBit ransomware was identified as the most deployed ransomware variant across the globe in the previous year, 2022, according to US cybersecurity officials. Ransomware groups of this nature are known to exaggerate the value of the data they steal and frequently make outlandish financial demands that often go unmet. The typical follow-through for such groups, if a ransom is not paid, is to publish the stolen data on their leak sites or to sell it to other malicious actors.

The incident highlighted ongoing security concerns for Taiwan's critical technology infrastructure. Taiwan’s semiconductor industry is a vital node in the global hardware supply chain, making any cyberattacks targeting it a significant concern for government officials and business executives worldwide. While this specific incident involving Kinmax and TSMC was assessed as not being operationally impactful, it served as a reminder of the persistent threat landscape. A separate ransomware attack in 2020 targeting Taiwan’s state-run energy company had previously demonstrated more tangible effects, temporarily disrupting some customers' ability to pay for gasoline using company-issued cards.
