TSMC, Apple, WannaCry - and China?

Taiwan Semiconductor Manufacturing Co. (TSMC) was forced to close several factories on 4 August 2018 after its systems were hit by a computer virus.

TSMC, based in Hsinchu, Taiwan, manufactures Apple’s A11 processor that is used in the iPhone X; it is also producing the A12 processor for newer iPhone models that may be released later this year. As well as Apple, TSMC supplies components and chip designs for other major companies, such as Qualcomm, Huawei Technologies, MediaTek, Nvidia and Texas Instruments.

A couple of days after the incident was reported, it was announced that the virus that affected TSMC’s production for two days was a variant of the WannaCry ransomware which infected more than 200,000 users across the world in 2017. However, the company’s Chief Executive Officer, C.C. Wei, claimed that the incident was the result of a failure to carry out virus scans correctly, rather than a hacker attack.

It appears that WannaCry infected TSMC’s systems after a computer from a supplier was connected to the company’s internal network; however, no explanation has been forthcoming as to how this could have happened. While lax security practices within the IT department may serve as a useful and perhaps predictable explanation for the incident, particularly for shareholders who will be concerned about the costs accruing from the loss of production - estimated by some to total around $255 million - it remains to be revealed how a piece of malicious code capable of taking down those specific industrial systems could successfully infiltrate TSMC’s network.

Answers should eventually emerge as cyber security specialists carry out their own investigations into the incident. Whether or not it is eventually determined that TSMC was in fact targeted by hackers, the episode has again highlighted the cyber security problems which companies and other organisations in Taiwan typically have to deal with.

Taiwan is interesting from a cyber security perspective because it claims to be an independent country, while China considers the island to be an inalienable part of its own territory. President Tsai Ing-wen, who leads the Democratic Progressive Party, was elected in 2016, and she is viewed as far less sympathetic to Beijing than her predecessors.

Over the last two years, Taiwan has been hit by an increasing number of cyber-attacks originating from the Chinese mainland. As well as deliberately targeting companies or political organisations, there is a perception that the island is used by state-sponsored Chinese hackers as a testing ground for new (or indeed old) tools or techniques that can be deployed against other targets in the US and beyond. According to reports, the attacks are becoming increasingly difficult to detect.

As Benjamin Read, manager of cyber espionage analysis at FireEye, told the FT in June this year: “Many [examples of] Chinese malware first appeared in campaigns against Taiwan before later being observed targeting interests in the US.” He added that his company expects “the volume of China campaigns targeting Taiwan to increase” as tensions in the region continue to intensify.

In April Taiwan’s Department of Cyber Security (DCS) stated that 288 successful attacks from Beijing’s state-sponsored apparatus and affiliated groups had been detected in 2017. The attacks mainly focused on servers and intranets in civil, military and research departments, with the choice of targets reflecting the priority that China places on cyber espionage activities.

For its part, China has claimed that its own computer networks are regularly targeted by Taiwanese hackers, and there is little doubt that the island has struck back. In June 2017 its Information Communication Electronic Force Command was established: this was reportedly the world’s first independent military cyber command, and illustrates Taiwan’s determination to mitigate attacks and minimise structural damage caused by them, as well as to develop its own cyber warfare strategies.

While Taiwan does not disclose the identities of hacker groups successfully infiltrating networks on the island, it would seem entirely legitimate to speculate that TSMC was deliberately targeted by state-sponsored Chinese attackers. It is even possible that a relatively mild attack was launched against the company as part of the trade war between the US and China that has been accelerating due to President Donald Trump’s ever-increasing announcements of new tariffs. Apple reported just last week that it has become the world’s first trillion-dollar company: perhaps an attack aimed at one of its most important suppliers was a warning shot.

Further details about the incident will no doubt be forthcoming, but even if it transpires that TSMC’s systems were infected due to those lax security practices referred to by the company’s CEO, this episode has served as a reminder that the highly damaging WannaCry ransomware is still out there.