As Apple was revealing its newest products at the Spring Loaded Event on Apr. 20, one of its main suppliers was targeted by a ransom attack from a Russian operator claiming to have stolen the blueprints of the company's latest products.
Quanta hackers demand ransom
The ransomware group is called REvil, also known as Sodinokibi. The group published a blog on its darkweb site on Apr. 20, in which it claimed to have infiltrated the computer network of Quanta Computer Inc.
The Taiwan-based company is a key Apple supplier that manufactures Apple's MacBooks. It similarly produces goods for HP Inc., Facebook Inc., and Alphabet Inc.'s Google.
According to Bloomberg, REvil's public face on the darkweb is a user on the cyber-crime forum XSS, who goes by the name "Unknown."
The user announced on Apr. 18 that the ransomware group was on the cusp of declaring its "largest attack ever," in a post reviewed by Bloomberg.
The post was made in Russian on a channel where the REvil group recruits new affiliates, according to a person familiar with Unknown's history on the XSS forum, who sought anonymity for fear of retaliation.
On Apr. 20, REvil's "Happy Blog," a site where the cartel publicly names its victims in hopes of getting a ransom payment, declared Quanta as its latest victim, according to CNBC.
In their post, the hackers claim that they'd waited to disclose the Quanta compromise until the date of Apple's latest big reveal, contending the parts supplier had expressed no interest in paying to recover the stolen data.
Quanta acknowledged an attack but did not explain if or how much of its data was stolen by the hackers.
Quanta added that it has reported to and kept seamless communications with the relevant law enforcement and data protection authorities concerning recent abnormal activities observed. There is no material impact on Quanta's business operation.
REvil hacker's negotiation
As soon as the Spring Loaded Event was over, REvil posted schematics for a new laptop, including 15 images detailing the MacBook designed as recently as March.
REvil is now attempting to shake down Apple in its effort to profit off the stolen blueprints. The group asked Apple to pay its ransom by May 1, Bleeping Computer reported.
In the meantime, REvil will continue to post new files on its blog every day until the ransom is paid.
Quanta added that its information security defense system was activated immediately after the hack, and it has resumed internal services affected by the incident. The company is upgrading its cybersecurity infrastructure in order to protect the data.
REvil is the same group that executed a ransomware attack last year against a law firm that they claimed once represented some of President Donald Trump's television enterprises. In 2019, the group also attacked a group of election clerks in Louisiana a week before Election Day.
REvil attempted to engage Quanta in ransom negotiations last week inside a chat-room on the darkweb page of the hacker group.
The REvil operator started the interaction by claiming to have stolen and encrypted all of the local network data while demanding $50 million for the decryption key to unlock their systems.
The whole engagement caused confusion, and REvil's operator threatened to publish Apple's data. The conversation between the two parties moved to email.
REvil eventually published data that is believed to be Apple's blueprints for new devices. The images include specific component serial numbers, sizes, and capabilities detailing the working parts inside of an Apple laptop.
This article is owned by Tech Times
Written by Sieeka Khan