Quanta, one of Apple’s major suppliers, said on Wednesday that it had been hit by a cyber attack and was trying to “recover data” after one of the world’s most notorious hacking gangs said it was attempting to extort both companies.
The Taiwanese company, which manufactures computers for Apple and also supplies companies such as Cisco, Microsoft and Siemens, said it had suffered “cyber attacks on a small number of Quanta servers” and was “conducting detailed investigation to ensure containment and recovery of data are in process”.
The admission came after REvil, one of the most prolific criminal ransomware hacking groups, said on its dark web site that it had compromised Quanta and was now extorting Apple.
Like other ransomware gangs, REvil typically locks up the data or computer systems of its victims until it is paid off. In this instance, the group said Quanta had refused to co-operate with its demands and it was now asking Apple to pay a ransom by May 1 in exchange for not leaking their sensitive information.
“Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands,” the REvil post added. It also shared copies of what appeared to be Apple product blueprints, though it is unclear whether these contained any confidential information.
Apple declined to comment.
Separate chat logs, seen by the Financial Times, showed that REvil had initially demanded $50m from Quanta.
Quanta on Wednesday said there had been no material impact to its operations, and that “a small range of services” hit by the attacks had been restored. It has notified relevant law enforcement and data protection agencies, it said.
Ransomware attacks have become increasingly prevalent as criminals have used cryptocurrencies such as bitcoin to collect payment without being tracked, and as a shift to remote working during the pandemic has left companies more vulnerable to attacks.
Gangs of ransomware hackers made more than $350m in 2020, a 311 per cent jump on the previous year, according to Chainalysis, though the true figure is likely to be higher given that many victims do not disclose attacks or payouts.
REvil, which also goes by the name of Sodinokibi, is known for making some of the biggest demands to have been made public. Last month, it asked Acer for an initial $50m in return for its stolen data, before doubling the demand, according to news reports at the time.
Additional reporting by Patrick McGee in San Francisco and Eleanor Olcott in Taipei