Computer chips showing Foxconn subsidiary ransomware attack

LockBit Ransomware Attacks Foxconn Subsidiary Foxsemicon and Stole Terabytes of Data

The notorious LockBit ransomware gang breached a Foxconn subsidiary and demanded a ransom to avoid publishing troves of stolen data.

Foxsemicon Integrated Technology Inc. (FITI) is one of Taiwan’s biggest semiconductor manufacturers, partially owned by Foxconn or Hon Hai Technology Group in China and Taiwan.

On January 17, 2024, LockBit defaced the company’s website with a ransom note demanding payment of an unspecified amount in ransom.

Shortly after, the Taiwanese semiconductor giant told the Taiwan Stock Exchange that it recovered the website immediately after detecting the ransomware attack and was working with security experts.

However, various sections, including the English and Mandarin versions and corporate and financial sections, remained inaccessible. The website no longer shows the hacker’s message but triggered a “malicious website” warning from a locally installed antivirus program.

LockBit ransomware stole 5TB of data from Foxconn subsidiary

The LockBit ransomware claims to have exfiltrated five terabytes of the company’s data and threatened to publish it online if the Foxconn subsidiary refused to pay the ransom.

“If you are a Foxsemicon customer, we have all your personal data,” the Russian-language cyber gang warned. “All your personal data will be freely available on the Internet if Foxsemicon not pays [sic] money.”

The Foxconn subsidiary has not disclosed the ransom demanded, if the hackers accessed the personal information of customers or employees, or whether it was willing to negotiate.

The Foxconn subsidiary has not appeared on LockBit’s data leak site, which usually suggests that the victim has not rejected ransom negotiations or has already paid.

However, Foxsemicon stated that the LockBit ransomware attack “should not significantly affect the company’s operations.” Nevertheless, the cyber gang claims the ransomware attack would destroy the Foxconn subsidiary irreparably.

“If your management does not contact us, you will lose your job, as we are able to completely destroy Foxsemicon with no possibility of recovery,” the LockBit ransomware group warned.

Although Foxsemicon does not expect dire impacts, ransomware attacks pose an existential threat to businesses. In 2021, St. Margaret’s Health in Spring Valley attributed its shutdown partly due to a ransomware attack. Illinois-based Lincoln College and Arkansas-based telemarketing firm The Heritage Company also shut down after ransomware attacks.

Target for Chinese cyber attacks

While financial motives inspired LockBit’s attack on Foxsemicon, Taiwan witnessed an upsurge in politically motivated cyberattacks ahead of the presidential election, mainly attributed to Chinese hackers.

A Beijing antagonist, Lai Ching-te, won the ballot, suggesting a continuation of the current trend. Beijing has been accused of cyber sabotage and espionage campaigns against the Taiwanese semiconductor industry.

“This attack comes during heightened concerns about cyberattacks on Taiwan amidst their upcoming general election,” said Ben Forster, Senior Director of Product at AttackIQ. “Last month, Taiwanese government officials called on the US Treasury Department for support due to heightened security vulnerability.”

Semiconductor manufacturers targeted by hackers

Semiconductor manufacturers are commercially and militarily strategically important. They also hold critical proprietary information desired by adversaries for advancing their domestic tech industries, making them targets of cyber espionage.

The fear of supply chain disruption and the possibility of leaking proprietary information makes them attractive targets for financially motivated hackers.

In June 2023, LockBit ransomware targeted Taiwan Semiconductor Manufacturing Company (TSMC) and demanded $70 million in ransom. TSMC was also impacted by the North Korean WannaCry ransomware in 2017.

In 2022, semiconductor manufacturers AMD, Nvidia, Samsung, Diodes Inc., Etron Technology, Ignitarium, Semikron, and SilTerra also suffered ransomware attacks by various gangs, including Lapsus$, LockBit, Conti, RansomHouse, and REvil.

Sean Deuby, Principal Technologist at Semperis, noted that the attack on a Foxconn subsidiary was “another cold reminder that even the largest organizations in the world, with experienced security teams, face hardships when combating ransomware attacks.”