South China Morning Post
Advertisement
Advertisement
Apple
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
Tim Cook, chief executive of Apple, speaks during the Spring Loaded virtual product launch in Tiskilwa, Illinois, in the US on April 20, 2021. Photo: Bloomberg
TechBig Tech

Tech giant Apple targeted in US$50 million ransomware hack at Taiwanese supplier Quanta

  • The ransomware group REvil claimed to have infiltrated the computer network of Apple supplier Quanta, which produces MacBooks for the US tech giant
  • This hacker cartel has asked Apple to pay a US$50 million ransom by May 1 in exchange for the data stolen from Quanta
Apple
Bloomberg
Bloomberg
Why you can trust SCMP
As Apple was revealing its newest line of iPads and flashy new iMacs on Tuesday in the US, one of its primary suppliers was enduring a ransomware attack from a Russian operator claiming to have stolen blueprints of the American tech company’s latest products.
The ransomware group REvil, also known as Sodinokibi, published a blog on its dark web site early on Tuesday, in which it claimed to have infiltrated the computer network of Quanta Computer. The Taiwan-based company is a key supplier to Apple, manufacturing mostly MacBooks. It also produces goods for the likes of HP, Facebook and Alphabet’s Google.

REvil’s public face on the dark web, a user on the cybercrime forum XSS who goes by the name “Unknown”, announced on Sunday that the ransomware group was on the cusp of declaring its “largest attack ever”, in a post reviewed by Bloomberg News. The post was made in Russian on a channel where the REvil group recruits new affiliates, according to a person familiar with Unknown’s history on the XSS forum who sought anonymity for fear of retaliation.

By early on April 20, REvil’s “Happy Blog” – a site where the cartel publicly names and shames victims in hopes of coaxing ransom payment – declared Quanta its latest victim. In their post, also reviewed by Bloomberg, the hackers claim they had waited to disclose the Quanta compromise until the date of Apple’s latest big reveal, contending the parts supplier had expressed no interest in paying to recover the stolen data.

The headquarters of Apple supplier Quanta Computer, a major contract manufacturer of notebook computers and other electronic hardware, is seen in Taoyuan City in northwestern Taiwan. Photo: Handout

Quanta acknowledged an attack without explaining if or how much of its data was stolen.

“Quanta Computer’s information security team has worked with external IT experts in response to cyberattacks on a small number of Quanta servers,” the company said in a statement. “We’ve reported to and kept seamless communications with the relevant law enforcement and data protection authorities concerning recent abnormal activities observed. There’s no material impact on the company’s business operation.”

By the time Apple’s product launch was over, REvil had posted schematics for a new laptop, including 15 images detailing the guts of what appears to be a MacBook designed as recently as March 2021, according to the documents reviewed by Bloomberg.

REvil is now attempting to shake-down Apple in its effort to profit off the stolen data. They have asked Apple to pay their ransom by May 1, as was first reported by technology news site Bleeping Computer. Until then, the hackers will continue to post new files every day, REvil said on its blog.

An Apple representative declined to comment on questions about the compromise.

Apple unveils AirTags, candy-coloured Macs and more versatile iPad Pro

Quanta said that its information security defence system was activated immediately, and it has resumed internal services affected by the incident. The company is upgrading its cybersecurity infrastructure to protect its data.

Ransomware is a type of malicious code that typically encrypts a victim’s data or network of computers. The hackers then demand a ransom to decrypt the information, or a promise from the hackers not to sell their secret documents. More recently, ransomware gangs have also stolen data and threatened to make it public unless the victim pays a fee.

REvil is the same group that executed a ransomware attack in 2020 against a law firm they claimed once represented some of Donald Trump’s television enterprises. In 2019, the group also attacked a group of Louisiana election clerks a week before Election Day.

REvil attempted to engage Quanta in ransom negotiations last week inside a chat room on the attacker’s dark web page, according to a transcript that has been reviewed by Bloomberg News. The REvil operator started the interaction by claiming to have stolen and encrypted “all local network data”, while demanding US$50 million for the decryption key to unlock their systems.

From US to Asia, thousands of organisations fall victim to Microsoft hack

A user responded two days later, stating they were “not the person in-charge of the company”, but wanted clarity on the terms of engagement. The engagement caused confusion, and another two days later, REvil’s operator threatened to publish Apple’s data. It appears the conversation then moved to email.

REvil then delivered on its promise to publish data it believes to be Apple’s proprietary blueprints for new devices. The images include specific component serial numbers, sizes and capacities detailing the many working parts inside of an Apple laptop. One of the images is signed by an Apple designer, John Andreadis, and dated March 9, 2021.

Post