Another month, another major tech company having to deal with hackers. Following major names like Acer, Apple and Electronic Arts, Taiwanese electronics manufacturer Gigabyte is the latest big name targeted by hackers. Gigabyte was hit by the ransomware group RansomEXX, who reportedly stole 112GB of data.
The attack seemed to happen sometime last week between the 3rd and 4th of August, and Gigabyte had to shut down their IT infrastructure in Taiwan as a result. Gigabyte’s website was also brought down due to the cyberattack, and they would later state that some servers were affected too. Customers meanwhile reported issues trying to access their support pages and documents, while information about product returns also stopped getting updated.
Gigabyte later confirmed that it was indeed a cyberattack that brought down their infrastructure. They also stated that they had notified the authorities regarding the issue, but stopped short of saying if any data was stolen.
However, the website BleepingComputer has claimed that the RansomEXXX group is behind the attack. According to BleepingComputer, they were sent a link to a non-public page allegedly set up by RansomEXX meant for Gigabyte. This website states that they’ve downloaded 112GB of Gigabyte’s files and are threatening to publish it if the ransom amount is not paid.
They also claim that a lot of stolen data contains confidential information under NDA related to their partners such as Intel, AMD and American Megatrends. Bleeping Computers claims to have seen images of the stolen data, and that they do include documents such as Intel documents about ‘potential issues’ and ‘Ice Lake D SKU stack update schedule’, as well as an AMD revision guide.
If the hackers did indeed steal this data form Gigabyte, it does seem to align with the type of data that Gigabyte would have in hand. The Taiwanese manufacturer is known for their Intel and AMD motherboards, and as such would have been given information by Intel and AMD for any upcoming CPUs so that Gigabyte can design their motherboards. Any potential leak would thus have ramifications not just for Gigabyte, but potentially Intel and AMD too.
The RansomEXX group first appeared back in 2018 under the name Defray, but rebranded into RansomEXX in June of last year which coincided with an increase in activity. They have not only hacked Windows computers but virtual machines as well. RansomEXX is believed to have been behind the recent attacks to Tyler Technologies, the Texas Department of Transportion, IPG Photonics and Konica Minolta.
As for Gigabyte, other than the police report they have not released any new information regarding the attack for now. Hopefully the authorities can stop and retrieve the stolen data before it gets leaked out.