As Apple was revealing its newest line of iPads and flashy new iMacs on Tuesday, one of its primary suppliers was enduring a ransomware attack from a Russian operator claiming to have stolen blueprints of the US company’s latest products.
The ransomware group REvil, also known as Sodinokibi, published a blog on its darkweb site early on Tuesday in which it claimed to have infiltrated the computer network of Quanta Computer. The Taiwan-based company is a key supplier to Apple, manufacturing mostly MacBooks. It similarly produces goods for the likes of HP, Facebook and Google.
REvil’s public face on the darkweb, a user on the cybercrime forum XSS who goes by the name “Unknown”, announced on Sunday that the ransomware group was on the cusp of declaring its “largest attack ever”. The post was made in Russian on a channel where the REvil group recruits new affiliates, according to a person familiar with Unknown’s history on the XSS forum who sought anonymity for fear of retaliation.
By early on 20 April, REvil’s “Happy Blog” — a site where the cartel publicly names and shames victims in hopes of coaxing ransom payment — declared Quanta its latest victim. In their post, the hackers claim they’d waited to disclose the Quanta compromise until the date of Apple’s latest big reveal, contending the parts supplier had expressed no interest in paying to recover the stolen data.
Quanta acknowledged an attack without explaining if or how much of its data was stolen.
‘Abnormal’
“Quanta Computer’s information security team has worked with external IT experts in response to cyberattacks on a small number of Quanta servers,” the company said in a statement. “We’ve reported to and kept seamless communications with the relevant law enforcement and data protection authorities concerning recent abnormal activities observed. There’s no material impact on the company’s business operation.”
By the time Apple’s product launch was over, REvil had posted schematics for a new laptop, including 15 images detailing the guts of what appears to be a MacBook designed as recently as March 2021, according to the documents.
REvil is now attempting to shake down Apple in its effort to profit off the stolen data. They’ve asked Apple to pay their ransom by 1 May, as was first reported by Bleeping Computer. Until then, the hackers will continue to post new files every day, REvil said on its blog.
An Apple spokesman declined to comment on questions about the compromise.
Quanta added that its information security defence system was activated immediately, and it has resumed internal services affected by the incident. The company is upgrading its cybersecurity infrastructure to protect its data.
Ransomware is a type of malicious code that typically encrypts a victim’s data or network of computers. The hackers then demand a ransom to decrypt the information, or a promise from the hackers not to sell their secret documents. More recently, ransomware gangs have also stolen data and threatened to make it public unless the victim pays a fee. REvil’s the same group that executed a ransomware attack in 2020 against a law firm they claimed once represented some of Donald Trump’s television enterprises. In 2019, the group also attacked a group of Louisiana election clerks a week before Election Day.
REvil attempted to engage Quanta in ransom negotiations last week inside a chatroom on the attacker’s darkweb page, according to a transcript. The REvil operator started the interaction by claiming to have stolen and encrypted “all local network data” while demanding $50-million for the decryption key to unlock their systems.
A user responded two days later, stating they were “not the person in-charge of the company“ but wanted clarity on the terms of engagement. The engagement caused confusion, and another two days later, REvil’s operator threatened to publish Apple’s data. It appears the conversation then moved to e-mail.
REvil then delivered on its promise to publish data it believes to be Apple’s proprietary blueprints for new devices. The images include specific component serial numbers, sizes and capacities detailing the many working parts inside an Apple laptop. One of the images is signed by an Apple designer, John Andreadis and dated 9 March 2021. — Reported by Kartikay Mehrotra, (c) 2021 Bloomberg LP