Kartikay Mehrotra (Bloomberg) -- As Apple Inc. was revealing its newest line of iPads and flashy new iMacs on Tuesday, one of its primary suppliers was enduring a ransomware attack from a Russian operator claiming to have stolen blueprints of the U.S. company’s latest products.
The ransomware group REvil, also known as Sodinokibi, published a blog on its darkweb site early on Tuesday in which it claimed to have infiltrated the computer network of Quanta Computer Inc. The Taiwan-based company is a key supplier to Apple, manufacturing mostly Macbooks. It similarly produces goods for the likes of HP Inc., Facebook Inc. and Alphabet Inc.’s Google.
Note from DCK: Quanta is also a major data center hardware manufacturer, including for some of the world's largest cloud platforms.
REvil’s public face on the darkweb, a user on the cyber-crime forum XSS who goes by the name ‘Unknown’, announced Sunday that the ransomware group was on the cusp of declaring its “largest attack ever,” in a post reviewed by Bloomberg News. The post was made in Russian on a channel where the REvil group recruits new affiliates, according to a person familiar with Unknown’s history on the XSS forum who sought anonymity for fear of retaliation.
By early on April 20, REvil’s ‘Happy Blog’ -- a site where the cartel publicly names and shames victims in hopes of coaxing ransom payment -- declared Quanta its latest victim. In their post, also reviewed by Bloomberg, the hackers claim they’d waited to disclose the Quanta compromise until the date of Apple’s latest big reveal, contending the parts supplier had expressed no interest in paying to recover the stolen data.
Quanta acknowledged an attack without explaining if or how much of its data was stolen.
“Quanta Computer’s information security team has worked with external IT experts in response to cyber attacks on a small number of Quanta servers,” the company said in a statement. “We’ve reported to and kept seamless communications with the relevant law enforcement and data protection authorities concerning recent abnormal activities observed. There’s no material impact on the company’s business operation.”
By the time Apple’s product launch was over, REvil had posted schematics for a new laptop, including 15 images detailing the guts of what appears to be a Macbook designed as recently as March 2021, according to the documents reviewed by Bloomberg.
REvil is now attempting to shake-down Apple in its effort to profit off the stolen data. They’ve asked Apple to pay their ransom by May 1, as was first reported by Bleeping Computer. Until then, the hackers will continue to post new files every day, REvil said on its blog.
An Apple spokesperson declined to comment on questions about the compromise.
Quanta added that its information security defense system was activated immediately, and it has resumed internal services affected by the incident. The company is upgrading its cybersecurity infrastructure to protect its data.
Ransomware is a type of malicious code that typically encrypts a victim’s data or network of computers. The hackers then demand a ransom to decrypt the information, or a promise from the hackers not to sell their secret documents. More recently, ransomware gangs have also stolen data and threatened to make it public unless the victim pays a fee. REvil’s the same group that executed a ransomware attack in 2020 against a law firm they claimed once represented some of Donald Trump’s television enterprises. In 2019, the group also attacked a group of Louisiana election clerks a week before Election Day.
REvil attempted to engage Quanta in ransom negotiations last week inside a chat-room on the attacker’s darkweb page, according to a transcript that’s been reviewed by Bloomberg News. The REvil operator started the interaction by claiming to have stolen and encrypted “all local network data” while demanding $50 million for the decryption key to unlock their systems.
A user responded two days later, stating they were “not the person in-charge of the company“ but wanted clarity on the terms of engagement. The engagement caused confusion, and another two days later, REvil’s operator threatened to publish Apple’s data. It appears the conversation then moved to email.
REvil then delivered on its promise to publish data it believes to be Apple’s proprietary blueprints for new devices. The images include specific component serial numbers, sizes and capacities detailing the many working parts inside of an Apple laptop. One of the images is signed by an Apple designer, John Andreadis and dated March 9, 2021.