Cyber Incident Victim: SK hynix
Date: Aug 2020
Location: South Korea
Summary
The Maze ransomware group claimed responsibility for a cyberattack against SK hynix, a major semiconductor manufacturer supplying global technology firms. Attackers exfiltrated approximately 11GB of data, including confidential NAND flash supply agreements with Apple and corporate documents, leaking 5% as proof. Maze employed a double-extortion tactic, encrypting systems while threatening full public disclosure of stolen data unless ransom demands were met. The incident highlighted risks to supply chain partners given the victim's role in critical memory component production.
Description
On or around August 20, 2020, the Maze ransomware group publicly claimed responsibility for a cyberattack targeting SK hynix, a South Korea-based global semiconductor manufacturer and one of the world’s largest suppliers of RAM and flash memory components. The attackers asserted they had compromised the company’s internal networks, deployed ransomware to encrypt files, and exfiltrated approximately 11GB of proprietary data. As evidence, Maze published a 570MB ZIP archive on its leak site, representing roughly five percent of the total stolen data. Analysis of the leaked files by an unnamed third party revealed confidential supply agreements related to NAND flash memory transactions with Apple, alongside a mix of corporate documents and personal employee data. Notably, the leaked materials contained no records dated within two years prior to the breach, suggesting the accessed data was historical rather than current operational information. Maze employed a double-extortion tactic, threatening to release the remaining stolen data publicly unless SK hynix paid an unspecified ransom. The group’s announcement included a screenshot of their leak site entry to validate the claim, consistent with their established pattern of publicly showcasing victims who resisted payment demands.

The incident posed significant operational and reputational risks to SK hynix due to its role as a critical supplier to major technology firms, including Apple and IBM. A disruption to its internal systems could have cascading impacts on global electronics supply chains, though the article did not specify whether production or delivery schedules were affected. Maze’s history of targeting high-profile organizations lent credibility to their claim, as the group had previously leaked data from victims such as IT services provider Cognizant, aerospace manufacturer VT Aerospace, and semiconductor company MaxLinear. The exfiltrated Apple agreements highlighted potential exposure of sensitive commercial terms, creating legal and competitive vulnerabilities. SK hynix did not issue an immediate public statement regarding the attack or its containment measures, and the article noted repeated attempts to contact the company for comment were unsuccessful. The breach underscored Maze’s evolving ransomware model, which combined file encryption with data leakage threats to intensify pressure on victims. This incident occurred amid a series of attacks by the group, including a June 2020 extortion attempt against a New York architecture firm and plans to target a Canadian standards body.
