Data theft confirmed in Microchip Technology cyberattack
Major American chipmaker Microchip Technology Incorporated has confirmed that the threat actors behind last month’s cyberattack exfiltrated employee data.
On August 20, the company announced that a cyberattack had affected its operations and that some of its systems had been disabled to isolate the incident.
Now, Microchip Technology has confirmed that, while systems are back online and manufacturing has largely been restored, employee data was extracted.
“As the investigation continues, the company believes that the unauthorized party obtained information stored on certain company IT systems, including, for example, employee contact information and some encrypted and scrambled passwords. We have not identified any customer or supplier data that has been obtained by an unauthorized party,” the company said.
“The company is aware that an unauthorized party claims to have acquired and posted certain data from the company’s systems online. The company is investigating the validity of this claim with the assistance of its third-party cybersecurity and forensic experts.”
As Microchip Technology mentioned, the attack on the company was claimed by threat actors from the Play ransomware gang.
The group said some data had already been published, but said that if Microchip does not meet its demands, it will publish the rest.
“Private and personal confidential data, client documents, budget, payroll, accounting, contracts, taxes, IDs, financial information, etc.,” Play said.
“For now, part of the data has been published. If there is no reaction, the full dump will be loaded.”
Attacks on chip manufacturers are not new and can have a detrimental effect on technology supply chains.
Last year, South Korea’s National Intelligence Service (NIS) identified a North Korean hacking campaign targeting chip and semiconductor manufacturers.
The hacking campaign lasted from mid-2023 to early 2024 and involved attempts to compromise several chip manufacturers.
In at least two cases, hackers were able to extract data in December 2023 and February 2024, respectively. In both cases, the North Korean threat actor was able to steal “product design drawings” and photographs of the targeted manufacturing facilities.
“The NIS believes the cyberattacks are part of a broader effort by North Korea to boost its own semiconductor industry. International sanctions restrict the sale of semiconductors to the rogue nation, while at the same time, North Korea is expanding its satellite and missile development programs, two very high-demand industries when it comes to semiconductors.
“As for the nature of the attacks, North Korean hackers relied on stealthy living off the land techniques to evade detection on South Korean networks.”