Taiwan's Gigabyte is one of the most important manufacturers of motherboards and graphics cards, and in recent years it has also moved into other computer hardware for gamers, such as monitors. The company fell victim to a ransomware attack by a well-known cybercrime group known as RansomEXX. The group was behind the recent attacks on the Brazilian government, the Texas Department of Transportation, the servers of the Lazio local government (an administrative region in Italy with its capital in Rome), and a state-owned telecommunications company in Ecuador, among others.
The attack followed the standard ransomware pattern. Hackers gained access to Gigabyte's internal servers, from which they stole about 112 GB of confidential data, and then encrypted all the information left there. This enables them to demand a ransom from their victim, in exchange for which they guarantee to restore access to the encrypted files and not to publish anything of what they have obtained - e.g. confidential technical documents from AMD, Intel, and potentially Nvidia, among others.
BleepingComputer published a message from RansomEXX in which the group explains how to contact it and provides a link through which the user can decrypt, on a trial basis, the files it encrypted. Additionally, the criminals have included some confidential documents from Intel to prove they are in possession of them. The hackers do not explicitly state their demands. However, in such cases the sum is usually at least tens of millions of dollars, which must be paid in the cryptocurrency chosen by the perpetrators.
Gigabyte confirmed that several of its servers were affected by the attack, as a result of which the company's websites were unavailable for some time. Although the sites are now up and running, some subpages, e.g. those related to technical support, still can't be accessed. However, the Taiwanese company did not comment on the nature of the event, stating only that the "infected" servers have been isolated and secured, and the relevant services have been informed about the case. According to TechPowerUp, the hackers most likely gained access to the company's IT infrastructure last week.
A potential leak of documents from AMD, Intel, and Gigabyte's other partners would be costly. This is because they contain highly sensitive technical information that could jeopardize the safe use of the motherboard, GPU, or processor models they describe. In the worst case, this would stop the production of compromised components and expose all affected parties to huge losses. The documentation probably also contains a lot of valuable data covered by trade secrets, which would be useful to the competition.
Over the last several months we have been observing an increasing number of ransomware attacks. The victims of hackers are not only technology and production companies, but also game developers such as CD Projekt RED and Electronic Arts, public institutions, healthcare institutions, and companies managing the energy infrastructure. It is also difficult to assess the true scale of the phenomenon, as many companies quietly make a deal with the criminals. The increase in hacker activity was largely influenced by the coronavirus pandemic, which opened new entry points into IT systems. Many people work from home, gaining remote access to their employers' IT resources. Stealing logins or passwords from private and very often poorly protected computers is much easier and faster.