Microchip Technology confirms theft of employee data
US-based semiconductor manufacturer Microchip Technology has confirmed that the cyberattack it suffered in August 2024 resulted in the theft of data, including “employee contact information and some encrypted and hashed passwords.”
The breach was claimed later that month by the Play ransomware gang, who say that they have stolen “private and personal confidential data, clients documents, budget, payroll, accounting, contracts, taxes, IDs, finance information and etc.”
They have also published some of it, in an attempt to push the company to pay the ransom.
Additional findings
Microchip Technology, which was recently awarded US federal funding to expand its manufacturing capacity, disclosed to the U.S. Securities and Exchange Commission on Wednesday that its operationally critical IT systems are back online and that it is working “to bring the remaining affected portions of its IT systems back online while continuing to follow cybersecurity protocols.”
“The Company is aware that an unauthorized party claims to have acquired and posted online certain data from the Company’s systems. The Company is investigating the validity of this claim with assistance from its outside cybersecurity and forensic experts,” they added.
So far, the company has confirmed that employee information was compromised and says it has not identified any compromised customer or supplier data.
But the investigation continues, and the incident's full scope, nature and impact are yet to be determined.
“As of the date of this filing, the Company does not believe the incident is reasonably likely to materially impact the Company’s financial condition or results of operations,” the company concluded.
The Play ransomware-as-a-service gang
“Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data,” the FBI, CISA and the Australian Cyber Security Centre explained in an advisory published in December 2023.
“Since June 2022, the Play (also known as Playcrypt) ransomware group has impacted a wide range of businesses and critical infrastructure in North America, South America, and Europe. As of October 2023, the FBI was aware of approximately 300 affected entities allegedly exploited by the ransomware actors.”
Going by the information on their data leak site, the group’s affiliates have racked up a sizeable number of victims since then.
Play ransomware encrypts files with AES-RSA hybrid encryption and uses intermittent encryption: only every other file portion of 0x100000 bytes (1 MiB) is encrypted, which speeds up the encryption run but leaves parts of each file intact. More recently, the group also started using a Linux variant of the malware to target ESXi environments.
Earlier this year, CyberArk Labs released a web version of White Phoenix, a tool that can partially recover certain file types (PDFs, Office documents and ZIP-based formats) from the portions that intermittent encryption leaves untouched.
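To make the intermittent-encryption layout described above concrete, here is an added Python illustration; it is not Play's code or White Phoenix's, and it is not based on any sample. It reproduces the "every other 0x100000-byte portion" layout, with a SHA-256 counter-mode keystream standing in for the AES layer so it runs with only the standard library (the RSA key-wrapping step is omitted). Two assumptions are mine: that the first chunk of a file is the one encrypted, and the entropy thresholds used by the detection heuristic. The sample "document" is constructed inline.

```python
"""Intermittent (chunked) encryption as the FBI/CISA advisory describes it for Play.

Added illustration, not Play's code. The advisory reports AES-RSA hybrid
encryption applied to every other 0x100000-byte portion of a file. This script
reproduces that layout with a SHA-256 counter-mode keystream standing in for
AES, then shows two consequences: a per-chunk entropy profile that exposes the
alternating pattern, and the untouched chunks being carved back out of the
encrypted file (the kind of data a recovery tool such as White Phoenix works
from). Assumption: chunk 0 is encrypted and chunk 1 is skipped.
"""
import hashlib
import math
from collections import Counter

CHUNK = 0x100000  # 1 MiB portions, the size the advisory reports


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in for an AES keystream: SHA-256(key || nonce || counter) blocks.
    Not a real cipher design; it only needs to look uniformly random here."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return (int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).to_bytes(len(a), "big")


def intermittent_encrypt(data: bytes, key: bytes, chunk: int = CHUNK) -> bytes:
    """XOR chunks 0, 2, 4, ... with a keystream; leave chunks 1, 3, 5, ... as-is.
    Because it is XOR, calling this again with the same key decrypts.
    The chunk index doubles as the nonce so no keystream is reused."""
    out = bytearray(data)
    for idx, start in enumerate(range(0, len(data), chunk)):
        if idx % 2:  # odd chunk: skipped, plaintext survives in the output
            continue
        end = min(start + chunk, len(data))
        ks = _keystream(key, idx.to_bytes(8, "big"), end - start)
        out[start:end] = _xor(bytes(out[start:end]), ks)
    return bytes(out)


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def chunk_entropy_profile(data: bytes, chunk: int = CHUNK) -> list[float]:
    """Entropy of each chunk-sized window; a single whole-file number hides the layout."""
    return [shannon_entropy(data[s:s + chunk]) for s in range(0, len(data), chunk)]


def looks_intermittently_encrypted(profile: list[float], high: float = 7.5,
                                   low: float = 6.5) -> bool:
    """Detection heuristic (mine, not from the advisory): strictly alternating
    high/low entropy chunks. Real files with compressed sections (images, ZIPs)
    would need a looser rule, since their plaintext chunks are high-entropy too."""
    if len(profile) < 2:
        return False
    return all(p > high if i % 2 == 0 else p < low for i, p in enumerate(profile))


def carve_plaintext_chunks(data: bytes, chunk: int = CHUNK) -> list[tuple[int, bytes]]:
    """Return (offset, bytes) for every chunk the scheme skipped."""
    return [(s, data[s:s + chunk]) for s in range(chunk, len(data), 2 * chunk)]


if __name__ == "__main__":
    # Constructed sample: about 3.5 MiB of repetitive, low-entropy "document" text.
    doc = b"Q3 payroll summary - confidential. " * 4096
    sample = (doc * 26)[: 3 * CHUNK + CHUNK // 2]
    key = hashlib.sha256(b"demo-key").digest()
    enc = intermittent_encrypt(sample, key)
    profile = chunk_entropy_profile(enc)
    for i, e in enumerate(profile):
        print(f"chunk {i}: {e:.3f} bits/byte")
    print("intermittent pattern detected:", looks_intermittently_encrypted(profile))
    recovered = carve_plaintext_chunks(enc)
    print("plaintext bytes still intact:", sum(len(b) for _, b in recovered), "of", len(sample))
    assert intermittent_encrypt(enc, key) == sample  # XOR round-trips
```

Run against the constructed sample, chunks 0 and 2 come out near 8 bits/byte while chunks 1 and 3 keep the text's low entropy, and 1.5 MiB of the 3.5 MiB file is recoverable without the key. That is the property recovery tools exploit and the reason a per-chunk entropy profile is a better ransomware indicator than a whole-file score.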