Security

Thanks for the memories... now pay up or else: Maze ransomware crew claims to have hacked SK hynix, leaks '5% of stolen files'

More expected to leak unless extortionists are paid off

Shaun Nichols in San Francisco Thu 20 Aug 2020 // 00:27 UTC

The Maze hacker gang claims it has infected computer memory maker SK hynix with ransomware and leaked some of the files it stole.

The South Korean semiconductor giant could not be reached for comment. For what it's worth, the Maze crew doesn't tend to need to fib about these sort of things. When it claims to have infiltrated a victim – and it has pwned a great deal of organizations lately – it usually publicly shares data stolen from the compromised network as proof.

And such is the case with SK hynix. Here's a screenshot of the Maze crew's website announcing the infiltration of the manufacturer's network, and the exfiltration of its internal data:

A screen-grab of the announcement ... Click to enlarge. Credit: Reg source.

A 570MB ZIP archive is provided as a download from the Maze site. It is supposedly just five per cent of the total amount siphoned from SK hynix, which suggests as much as 11GB was stolen by the gang after breaking into the corp's networks and before scrambling its files to hold them to ransom.

According to one person who has viewed the archive's contents, it appears to contain confidential NAND flash supply agreements with Apple, and a mix of personal and corporate files, though nothing dated more recently than a couple of years ago.

SK Hynix is one of the largest suppliers of RAM and flash memory in the world. Their clients include the likes of Apple and IBM. A crippling ransomware attack on its internal network can therefore have knock-on effects for its customers.

For those unfamiliar, Maze offers something of a new take on the old ransomware racket. Whereas traditional extortionware operators simply encrypt their victims' file systems, and then ask a fee to unscramble the data, the Maze miscreants take things a step further and promise to publicly leak all the stolen information if the company doesn't pay up.

Those that fail to meet the ransom demands have their corporate secrets handed out to the public. It's a pretty shady tactic, though one that has proven very effective for the hackers. The approach helped Maze get a name for itself as a crew to be feared.

The ransomware crew likes to make a show of distributing the data of companies that don't pay up. Their previous victims include IT service provider Cognizant, Texas-based VT Aerospace, and semiconductor giant MaxLinear. In June, it extorted a New York architecture firm when it intended to go after a Canadian standards body. ®

A hat-tip to the Register reader who alerted us to the SK hynix update on the Maze website.

12 Comments

Other stories you might like

ESA's Solar Orbiter sails safely past Earth despite orbiting debris concerns

See if you can guess when the spacecraft thrusters took over

Richard Speed Wed 1 Dec 2021 // 09:59 UTC

ESA's Solar Orbiter has completed its flyby of Earth, collecting science data as it did so, and appears to be headed back into deep space without any close encounters with orbiting debris.
The flyby took place on 26 and 27 November, with the spacecraft whizzing past the planet at 12km/s at an expected altitude of around 450km at its closest approach.
The plot below shows the point the spacecraft's thrusters took control, having a tad more oomph than the reaction wheels usually managing the spacecraft's momentum. The gravity gradient and atmospheric effects encountered during SOLO's brief visit home meant that fine-grain control was dispensed in favour of the relatively hobnailed boots of the thrusters.

Continue reading
On the first day of Christmas, my true love gave to me... a coding puzzle and it's a doozy

2021 Advent of Code prepares for launch

Richard Speed Wed 1 Dec 2021 // 09:15 UTC

It's that time of year again, when all good little developers count down to the festive season with the Advent of Code.
It's a gloriously simple concept. Much like the Advent Calendar, each day in December, up to and including the 25th, contains a treat.
However, rather than pictures or vaguely stale chocolates, each Advent of Code day presents a coding challenge that needs solving.

Continue reading
Last chance: Get hands-on ML experience in Prof Mark Whitehorn’s introductory web workshop

December 3 is the final day to buy tickets – book now or miss out

Team Register Wed 1 Dec 2021 // 08:30 UTC

Event On December 9, at 0900 GMT, Register regular Mark Whitehorn and the people behind our machine-learning conference MCubed will bring an online workshop about the foundations of AI straight to your desk.
Spaces are limited and ticket sales will close on December 3 at 1300 GMT – so head over to our website now to secure your spot.
Machine Learning is everywhere, but it is hard to get into it if you don’t know where to start. There are books and self-paced online courses, but what do you do when you get stuck? There's nothing better than hands-on, face-to-face training with someone who knows their stuff.

Continue reading

Samsung wheels out new silicon that turns cars into 5G-fuelled entertainment hubs

Nice wheels! Thanks, it's got eight Cortex-A76 cores, a 5G modem and 32GB of RAM

Simon Sharwood, APAC Editor Wed 1 Dec 2021 // 07:56 UTC

Samsung has wheeled out three new slabs of silicon for automotive applications.
The Exynos Auto V7 is intended to drive in-car infotainment systems. Eight Arm Cortex-A76 cores hum along at up to 1.5GHz, helped by 11 Arm Mali G76 GPU cores.
Samsung has dedicated three of the GPU cores to electronic instrument clusters. The remaining eight can be set to work driving up to four other displays, or processing input from a dozen cameras.

Continue reading
UK watchdog's punishment for Blackbaud, Easyjet, other big privacy lawbreakers was slap on the wrist in private

Is this what they call light-touch regulation?

Gareth Corfield Wed 1 Dec 2021 // 07:28 UTC

Blackbaud was given a private slap on the wrist by the UK's Information Commissioner's Office (ICO) after paying off criminals who stole users' financial data from the cloud CRM biz's servers.
The astonishingly mild sanction was revealed in a Freedom-of-Information response after senior data protection specialist Jon Baines at London law firm Mishcon de Reya asked about reprimands made under the General Data Protection Regulation (GDPR).
Reprimands are a formal expression of the ICO's disapproval, issued to organisations that have broken data protection law.

Continue reading
Beijing wants to level up China's software industry, with an emphasis on FOSS

Plans to build 'two or three open source communities with international influence' in the next five years

Laura Dobberstein Wed 1 Dec 2021 // 06:57 UTC

China's software industry is underperforming internationally and needs to lean into open source technology to improve, the nation's Ministry of Industry and Information Technology (MIIT) on Tuesday.
"Software is the soul of a new generation of information technology, the foundation of digital economic development, and the key support for the construction of manufacturing power, network power and digital China," according to a (machine-translated) announcement from the Ministry.
The document boasts that great strides were made in China's software industry under the the 13th five-year plan, which ran from 2016–20, but is also is critical about the state of software in China.

Continue reading
We've seen things you people wouldn't believe. Mega-comets lurking in solar systems, spewing carbon monoxide

Comet BB is not only largest of its type that we know of, it was likely active billions of miles from the Sun

Katyanna Quach Wed 1 Dec 2021 // 06:32 UTC

Not only is comet Bernardinelli-Bernstein the largest of its kind known, it’s also one of the most active, distant comets, likely spewing plumes of gas further out from the Sun than expected.
The object, code-named C/2014 UN₂₇₁ (Bernardinelli-Bernstein) or just comet BB, was first spotted in 2014. It was tentatively considered a minor planet, meaning it could be an asteroid, a trans-Neptunian object, or even a dwarf planet. After researchers working at the Las Cumbres Observatory in California discovered a coma – a fuzzy halo of gas enveloping the object, which is typically found around comets – it was designated a comet.
Measuring 100km across, comet BB is about 1,000 times larger than the average icy space rock we observe, and made headlines for being the largest object of its type that science is aware of.

Continue reading
Need a new CEO, Salesforce? Have two – Bret Taylor and Marc Beioff to share the job

Restores twin CEO structure that ended in 2020, no indication this has deeper meaning

Simon Sharwood, APAC Editor Wed 1 Dec 2021 // 05:58 UTC

SaaS sultan Salesforce has announced a new CEO: Bret Taylor, previously the company's president and chief operating officer.
Taylor co-created Google Maps, served as Facebook's chief technology officer from 2009 to '20, and came to Salesforce after it acquired his cloudy document collaboration company Quip. Co-CEO is Taylor's second new job this week: he was also elevated from a mere board member at Twitter to become the avian network's president.
Salesforce has had dual CEOs before – Keith Block shared the gig with founder Marc Benioff from 2018 to '20. On the company's earnings Q3 earnings call on Tuesday, Benioff reminded investors of that history and that the arrangement worked rather well.

Continue reading
Qualcomm takes a swipe at Apple's build-not-buy culture (because it wants to sell stuff to Apple)

Suggests collaboration with OS suppliers is the best way to innovate, ignoring that Google just designed its own silicon for Pixel 6

Agam Shah Wed 1 Dec 2021 // 04:59 UTC

Qualcomm has distanced itself from Apple, and took a veiled shot at its rival as it tried to clear the air on its relationship with Google.
The company's swipe at Cupertino came in the form of an assertion by CEO Cristiano Amon, during a speech at the Snapdragon Tech Summit in Hawaii, that the horizontal model of the chip maker partnering with Google and other ecosystem partners on Android has allowed for faster innovation.
"When you compare the power of the ecosystem versus one single company [being] responsible for every single innovation, in the long run we know that we are going to have an environment [in which] innovation is going to happen faster on Android and Snapdragon and that is no coincidence that we have a number of industry firsts," Amon said.

Continue reading
UK intel chief says MI6 must outsource innovation – and James Bond's in-house 'Q' is nonsense

China is on the march, Russia loves to destabilise, no intelligence agency can stop 'em without help

Simon Sharwood, APAC Editor Wed 1 Dec 2021 // 03:56 UTC

The head of the UK's secretive Military Intelligence Section 6 agency – popularly known as MI6 – has delivered a rare speech in which he has warned that China, Iran, and Russia use information technology to destabilise rivals, and that the agency he leads can no longer rely on in-house innovation to develop the technologies the UK needs to defend itself.
MI6 boss Richard Moore (whose initial, one notes, is 'M') delivered a speech on Thursday at the International Institute for Strategic Studies, and opened with an explanation of why the normally reclusive agency had taken the unusual step of allowing its leader to speak in public.
His argument was that "the changing nature of the threats that we face requires a greater degree of openness from a modern intelligence agency" meaning that "to stay secret, we are going to have to become more open".

Continue reading
Cisco tells UCS owners they may have a screw loose – in the server chassis

Power supplies are screwed up because they're not all screwed in

Simon Sharwood, APAC Editor Wed 1 Dec 2021 // 01:03 UTC

Cisco has warned owners of its UCS servers that they may have a screw loose. In the UCS X9508 chassis that houses their servers, that is.
A field notice issued by the company advises: "The Power Entry Module (PEM) for a small number of UCS 9508 units might not be secured in the chassis and could be pulled out when power cord is unplugged from the chassis.
"The captive screws designed to secure the PEM were not correctly tightened and some chassis were shipped with the module improperly secured."

Continue reading

ABOUT US

SITUATION PUBLISHING

The Register - Independent news and views for the tech community. Part of Situation Publishing

SIGN UP TO OUR DAILY NEWSLETTER

Your Consent Options Cookies Privacy Ts&Cs

Review and manage your consent

Manage Cookie Preferences

Topics

Resources

Situation Publishing

Get our Weekly newsletter

Security

Thanks for the memories... now pay up or else: Maze ransomware crew claims to have hacked SK hynix, leaks '5% of stolen files'

More expected to leak unless extortionists are paid off

Similar topics

Other stories you might like

ESA's Solar Orbiter sails safely past Earth despite orbiting debris concerns

On the first day of Christmas, my true love gave to me... a coding puzzle and it's a doozy

Last chance: Get hands-on ML experience in Prof Mark Whitehorn’s introductory web workshop

Samsung wheels out new silicon that turns cars into 5G-fuelled entertainment hubs

UK watchdog's punishment for Blackbaud, Easyjet, other big privacy lawbreakers was slap on the wrist in private

Beijing wants to level up China's software industry, with an emphasis on FOSS

We've seen things you people wouldn't believe. Mega-comets lurking in solar systems, spewing carbon monoxide

Need a new CEO, Salesforce? Have two – Bret Taylor and Marc Beioff to share the job

Qualcomm takes a swipe at Apple's build-not-buy culture (because it wants to sell stuff to Apple)

UK intel chief says MI6 must outsource innovation – and James Bond's in-house 'Q' is nonsense

Cisco tells UCS owners they may have a screw loose – in the server chassis

ABOUT US

MORE CONTENT

SITUATION PUBLISHING

SIGN UP TO OUR DAILY NEWSLETTER