The LockBit ransomware group has added TF-AMD Microelectronics of Malaysia to its list of victims. The company is a strategic partner and supplier in Malaysia for the American multinational semiconductor company AMD.
In the post on the gang’s leak site, the LockBit ransomware group claimed to have obtained sensitive data related to the company and partners, including data on AMD Nokia, software solutions for chips, and information on processors for space carriers.
The group has boasted about this on their website and has included a sample of the data they have obtained. The sample includes invoices, agreements, chip drawings, and other confidential documents.
AMD develops computer processors and related technologies for business and consumer markets.
TF-AMD Microelectronics, located in Penang, Malaysia, is an assembly and test service provider for high-performance computing and communication solutions.
The Cyber Express has reached out to TF-AMD, AMD Malaysia, and TF-AMD’s communication partner Edelman Public Relations for a confirmation of the incident.
We had yet to receive a reply at the time of publishing this report.
LockBit 3.0 and TF-AMD Microelectronics
LockBit ransomware is known for its sophisticated tactics and for targeting large organizations, demanding a high ransom in exchange for the stolen data.
Considering the nature of AMD’s business and the scale of operations in Malaysia, the addition of TF-AMD to the group’s victim list highlights its continued efforts to target organizations with valuable intellectual property and sensitive information.
The leak site post did not mention any ransom note sent to TF-AMD or a deadline for payment. There is no social media post from the company or its officials indicating that the company is working with law enforcement to resolve the issue.
However, Douglas Mun, Group Chief Information Security Officer of Singaporean insurance company Singlife, said in response to a tweet by Falcon Feeds about the LockBit ransomware-TF-AMD situation that he would inform the Malaysia Computer Emergency Response Team (MyCERT).
The alleged stolen data includes source code for AMD’s Navi and Arden GPUs, which power the Xbox Series X and PlayStation 5 consoles, as well as details on new products and tools.
AMD has acknowledged the situation and stated that they are working closely with law enforcement agencies and external experts to investigate the matter.
The company did not, however, confirm whether the data breach actually occurred. Security experts believe that the threat should be taken seriously.
LockBit 3.0: New and improved
LockBit 3.0, also known as LockBit Black, is the most recent strain of a notorious ransomware. This one was discovered in late 2022. It can self-spread, and it targets organizations with the ability to pay high ransom amounts.
According to Sophos, LockBit 3.0 retains most of the features of its predecessor, LockBit 2.0, but also includes new behaviors that make it harder to analyze. Affiliates are sometimes required to use a 32-character password to initiate the ransomware binary.
The typical process of LockBit 3.0 involves infecting the device, encrypting files, deleting specific services, and changing the wallpaper.
Failure to pay the ransom may result in data being sold on the dark web. LockBit 3.0 is known for using Windows Defender to deploy Cobalt Strike, a penetration testing tool, and triggering a sequence of malware infections.
LockBit operates on a Ransomware-as-a-Service (RaaS) model, in which the group collaborates with affiliates who may lack the necessary resources to develop and execute attacks.
The affiliated hacker receives a portion of the ransom, according to a December 2022 alert by the U.S. Department of Health & Human Services.