Play Ransomware Claims Attack on US Semiconductor Manufacturer Microchip Technology

 

The Play ransomware group has claimed responsibility for last week's cyberattack on the American semiconductor company Microchip Technology. On Tuesday, the group added Microchip Technology to its data leak site, as noted by multiple cybersecurity researchers. Play is notorious for its use of custom tools and double-extortion tactics, which involve both encrypting victims' files and threatening to release stolen data.

Microchip Technology reported last week that intruders had disrupted "certain servers and some business operations." Upon discovering the breach, the company took immediate steps to isolate the affected systems, shut down some services, and initiate an investigation.

Microchip Technology has not commented on the Play gang's involvement in the attack. The company produces products such as microcontrollers, embedded security devices, and radio frequency devices, which it supplies to sectors including automotive, industrial, aerospace, and defense. In 2024, its sales reached $7.6 billion.

The Play group typically gives its victims 72 hours to pay a ransom before making stolen data public. However, Kevin O’Connor, a researcher at U.S.-based cybersecurity firm Adlumin, noted that in this case, the timeline was extended, with Play claiming responsibility a week after Microchip Technology reported the incident to the SEC (Securities and Exchange Commission). O'Connor added that while it's not uncommon for ransomware groups to delay data release, it often indicates ongoing negotiations.

Adlumin's research suggests that the Play ransomware operation has significantly expanded over the past year, likely due to its shift to an affiliate model, complicating the attribution of attacks. O'Connor also mentioned that it's still unclear whether the core group or its affiliates were behind the attack on Microchip Technology.

Play ransomware was first identified in June 2022. The Cybersecurity and Infrastructure Security Agency (CISA) has reported that the group typically encrypts systems after data exfiltration, impacting various businesses and critical infrastructure organizations across North America, South America, Europe, and Australia. According to Trend Micro's research published in July, the majority of Play's attacks this year have been concentrated in the United States.