In April, Quanta, a Taiwan-based manufacturer of Apple products, fell victim to a ransomware attack. The REvil group claimed responsibility, threatening to release sensitive data if a ransom was not paid. This cyber attack demonstrated the increasing threat of ransomware to manufacturing and supply chains.
Affected vertical: Manufacturing, specifically electronics.
MITRE ATT&CK Tactics:
- Initial Access (TA0001): The adversaries likely gained access to the network through phishing, exploitation of public-facing applications, or other means.
- Execution (TA0002): The ransomware was executed on Quanta’s servers, encrypting critical files and threatening operations.
- Persistence (TA0003): The ransomware ensured its continued presence on the infected system.
- Privilege Escalation (TA0004): The ransomware likely exploited vulnerabilities to gain high-level privileges.
- Impact (TA0040): The attack threatened the release of sensitive data and disruption of Quanta’s operations.
- Exfiltration (TA0010): Before encryption, the attackers stole sensitive data and threatened to release it publicly.
Further Reading:
https://www.theverge.com/2021/4/21/22396283/apple-schematics-leak-ransomware-quanta-supplier-leak