Chipmaker shut down due to WannaCry secondary infection.
Taiwan-based chipmaker and Apple supplier Taiwan Semiconductor Manufacturing Co (TSMC) was hit with a cyber incident on Friday, August 3rd. The company brought its plants back online after an infection that caused them to shutter operations over last weekend. The malware in question is said to have been WannaCry, familiar from last year's widespread infestation. The company said the outbreak happened during software installation of a new tool, which then evidently carried the infection into other parts of the company's network. TSMC added that "neither data integrity nor confidential information were compromised."
The incident appears to have been due to operator carelessness, a secondary infection and not a direct attack, as had been widely feared in Taiwan when the malware infection was first reported. TSMC's CEO bluntly told the press, "This is purely our negligence so I don't think there is any hacking behavior." TSMC attributes the infection to failure to scan software for known threats before installation, and they say their staff won't make the same mistake again (SecurityWeek).
WannaCry, to review its history, is a ransomware strain that propagates itself as a worm. It was discovered on May 12 of 2017, and it's been associated with North Korea's Lazarus Group. As TSMC implied, it's a known threat, with readily available detection and mitigation. Still, a nasty piece of work the world has probably not seen the last of, especially as older Windows variants continue in use by manufacturers in many sectors. TSMC had unpatched WIndows 7 systems, and its losses from the incident, while still not determined, will be in the millions of dollars (Network World). Those losses won't be company killing, but they will be painful. Preliminary estimates cap the potential loss at $170 million (BankInfo Security).