Ransomware group "Play" publishes data allegedly from Microchip
Two weeks ago, intruders broke into the IT department of IC manufacturer Microchip. Now the ransomware group "Play" is offering data for sale.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
Two weeks ago, criminals broke into the networks of chip manufacturer Microchip. This led to restrictions in production. In the meantime, the ransomware gang Play has claimed responsibility for the break-in. Since Thursday, it has been offering parts of the stolen data for free download.
(Image: Screenshot / dmk)
On Tuesday of this week, the criminal organization Play claimed responsibility for the intrusion into the IT systems of IC manufacturer Microchip in its darknet presence. Since Thursday, details and download links have been available on the Internet underground website.
(Image: Screenshot / dmk)
The data allegedly stolen from Microchip is now available for download. It is apparently a .rar archive that is protected with a password. According to the criminals, the data includes "personal confidential data, customer documents, budget, salary information, accounting data, contracts, tax information, financial information and so on". For the time being, Cybergang is only publishing part of the data. If there is no response, it intends to upload a complete dump.
No further information from Microchip
Microchip has not yet provided any further information regarding the IT security incident. Only the information already reported to the SEC in the Form 8K on August 20 can be viewed by the company. However, the manufacturer is apparently not responding to ransom demands or negotiation requests from the criminal organization Play, as can be deduced from their threat.
The K8 form week discusses that Microchip noticed potentially suspicious activity in its IT systems on Saturday, August 17. Following the discovery, the company took steps to contain and defend against the potentially unauthorized activity. On Monday, August 19, the company discovered that unauthorized third parties had interrupted the use of certain servers and business operations. As a result, some production sites were operating at lower rates than usual. The company's ability to fulfill orders has been affected.
The company is working at full speed to bring the affected parts of the IT systems back online, resume normal business operations and limit the impact of the incident. The investigations are ongoing. The full extent, origin and impact of the IT incident were still unknown at the time. In the meantime, the ransomware group Play at least claims to be responsible.
(dmk)