Apple Targeted in $50 Million Ransomware Hack of Supplier Quanta

As Apple Inc. was revealing its newest line of iPads and flashy new iMacs on Tuesday, one of its primary suppliers was enduring a ransomware attack from a Russian operator claiming to have stolen blueprints of the U.S. company’s latest products.
The ransomware group REvil, also known as Sodinokibi, published a blog on its darkweb site early on Tuesday in which it claimed to have infiltrated the computer network of Quanta Computer Inc. The Taiwan-based company is a key supplier to Apple, manufacturing mostly Macbooks. It similarly produces goods for the likes of HP Inc., Facebook Inc. and Alphabet Inc.’s Google.
REvil’s public face on the darkweb, a user on the cyber-crime forum XSS who goes by the name ‘Unknown’, announced Sunday that the ransomware group was on the cusp of declaring its “largest attack ever,” in a post reviewed by Bloomberg News. The post was made in Russian on a channel where the REvil group recruits new affiliates, according to a person familiar with Unknown’s history on the XSS forum who sought anonymity for fear of retaliation.
By early on April 20, REvil’s ‘Happy Blog’ -- a site where the cartel publicly names and shames victims in hopes of coaxing ransom payment -- declared Quanta its latest victim. In their post, also reviewed by Bloomberg, the hackers claim they’d waited to disclose the Quanta compromise until the date of Apple’s latest big reveal, contending the parts supplier had expressed no interest in paying to recover the stolen data.

Quanta acknowledged an attack without explaining if or how much of its data was stolen.

“Quanta Computer’s information security team has worked with external IT experts in response to cyber attacks on a small number of Quanta servers,” the company said in a statement. “We’ve reported to and kept seamless communications with the relevant law enforcement and data protection authorities concerning recent abnormal activities observed. There’s no material impact on the company’s business operation.”

By the time Apple’s product launch was over, REvil had posted schematics for a new laptop, including 15 images detailing the guts of what appears to be a Macbook designed as recently as March 2021, according to the documents reviewed by Bloomberg.

REvil is now attempting to shake-down Apple in its effort to profit off the stolen data. They’ve asked Apple to pay their ransom by May 1, as was first reported by Bleeping Computer. Until then, the hackers will continue to post new files every day, REvil said on its blog.

An Apple spokesperson declined to comment on questions about the compromise.
Quanta added that its information security defense system was activated immediately, and it has resumed internal services affected by the incident. The company is upgrading its cybersecurity infrastructure to protect its data.