Sarcoma ransomware, a newly emerged hacking group, has claimed responsibility for the data breach incident that targeted the Taiwanese printed circuit board manufacturer Unimicron.
Unimicron is one of the world’s largest PCB producers, with facilities and service centres in multiple countries, including Taiwan, China, Germany, and Japan. Its products are widely used in LCD monitors, laptops, peripherals, and cell phones. The publicly listed company manufactures rigid and flexible PCBs, high-density interconnection (HDI) boards, and integrated circuit (IC) carriers.
This relatively new ransomware group has released samples of the files it allegedly stole from the company’s servers during the breach. Moreover, it threatens to release all of the stolen information next week unless the affected company complies with its demands.
The group’s listing on a dark web site earlier this week showed that they had allegedly stolen at least 377 GB of SQL files and documents exfiltrated from the Taiwanese corporation.
Unimicron disclosed the ransomware attack but did not specify Sarcoma as the attacker.
Unimicron published a bulletin on the Taiwan Stock Exchange (TWSE) homepage on February 1 stating that a ransomware attack, which Sarcoma claimed, disrupted its operations.
In addition, the firm stated that the attack’s impact was limited and that it had hired a third-party security provider to assist in analysing and implementing defences. Still, the company did not confirm a data breach.
On the other hand, the samples that Sarcoma leaked on its extortion portal appear to be legitimate. As of now, the Taiwanese company has yet to release further details that would address inquiries about the ransomware attack.
Sarcoma launched its first operations in October last year. That month, it immediately became one of the most active and prolific ransomware gangs, claiming 36 victims.
Sarcoma’s operators use phishing emails and n-day vulnerabilities to obtain initial access, and supply chain attacks to pivot from service vendors to their clients. After a compromise, the group engages in RDP exploitation, lateral movement, and data exfiltration.
However, the tools used by the threat group have not yet been studied. Therefore, while the group’s operations suggest experience in the field, its specific origin and techniques have yet to be determined.
