It has been disclosed via a regulatory filing with the SEC that Arizona based Microchip Technology has been pwned in some sort of cyberattack:
On August 17, 2024, Microchip Technology Incorporated (the “Company”) detected potentially suspicious activity involving its information technology (“IT”) systems. Upon detecting the issue, the Company began taking steps to assess, contain and remediate the potentially unauthorized activity. On August 19, 2024, the Company determined that an unauthorized party disrupted the Company’s use of certain servers and some business operations. The Company promptly took additional steps to address the incident, including isolating the affected systems, shutting down certain systems, and launching an investigation with the assistance of external cybersecurity advisors.
As a result of the incident, certain of the Company’s manufacturing facilities are operating at less than normal levels, and the Company’s ability to fulfill orders is currently impacted. The Company is working diligently to bring the affected portions of its IT systems back online, restore normal business operations and mitigate the impact of the incident.
As the Company’s investigation is ongoing, the full scope, nature and impact of the incident are not yet known. As of the date of this filing, the Company has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.
Ted Miracco, CEO, Approov had this to say:
“Microchip Technology’s involvement in sectors like aerospace, defense, and communications makes it a strategic target for cyberattacks. Given the nature of this attack, the most likely culprits would be nation-states including Russia, Iran, or North Korea, rather than China. While China typically focuses on intellectual property theft, especially in the semiconductor industry, the attack on Microchip Technology seems more aligned with the disruptive tactics often employed by Russia and Iran or the financially motivated ransomware attacks linked to North Korea.
“The disruption of multiple manufacturing facilities aligns with the strategic goals of nation-states like Russia and Iran, which have a history of cyber operations intended to cause chaos or weaken their adversaries. This contrasts with China, which usually aims to acquire technology and trade secrets to bolster its own industries. This attack underscores the importance of maintaining resilience in manufacturing operations, especially those integral to national security.”
Tom Marsland, VP of Technology, Cloud Range follows with this comment:
“The 8-K filing does not go into any more details than what is necessary for the report to the SEC, so this is definitely an item that requires closer observation. This goes along with other attacks we’ve observed, such as Volt Typhoon, probing our infrastructure and threatening our utilities, manufacturing, and defense industrial base. I am pleased to see the quick reporting by Microchip, and remain eager to see what our government will do to protect critical infrastructure, which includes suppliers such as Microchip. These companies can be major points of failure for the defense, manufacturing and other critical industries, and will undoubtedly remain a large target as threat actors try to find weak points in our supply chains.
Unfortunately, these companies are big targets because of the potential for disruption to the defense industrial base and/or various sectors of critical infrastructure. It’s one thing to directly attack defense networks, which is largely difficult to do, but if a company that is responsible for helping them “keep their lights on”, so to speak, can be attacked easier, that’s where the threat actors tend to go.
Our government needs to lean in on helping investigate these attacks, and consider an attack on our critical supply chains, on our utilities and critical infrastructure, and on our defense industrial networks as attacks on the United States itself, and take appropriate actions, especially if this is determined to be a nation-state actor. On the regulatory side, there needs to be incentives for these companies to keep their networks secure. Oftentimes, the cost of the breach is on par with the proper security controls that could’ve been in place from the beginning. Increasing oversight and penalties for companies that do not have adequate security controls is a necessary and logical next step.”
Given how important the chip sector is to the US and beyond, this is something that will need to be watched closely. And besides that, Microchip Technology needs to disclose what happened, and how they will stop it from happening again.
Like this:
Like Loading...
Related
This entry was posted on August 21, 2024 at 4:44 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Microchip Technology Pwned In Cyberattack
It has been disclosed via a regulatory filing with the SEC that Arizona based Microchip Technology has been pwned in some sort of cyberattack:
On August 17, 2024, Microchip Technology Incorporated (the “Company”) detected potentially suspicious activity involving its information technology (“IT”) systems. Upon detecting the issue, the Company began taking steps to assess, contain and remediate the potentially unauthorized activity. On August 19, 2024, the Company determined that an unauthorized party disrupted the Company’s use of certain servers and some business operations. The Company promptly took additional steps to address the incident, including isolating the affected systems, shutting down certain systems, and launching an investigation with the assistance of external cybersecurity advisors.
As a result of the incident, certain of the Company’s manufacturing facilities are operating at less than normal levels, and the Company’s ability to fulfill orders is currently impacted. The Company is working diligently to bring the affected portions of its IT systems back online, restore normal business operations and mitigate the impact of the incident.
As the Company’s investigation is ongoing, the full scope, nature and impact of the incident are not yet known. As of the date of this filing, the Company has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.
Ted Miracco, CEO, Approov had this to say:
“Microchip Technology’s involvement in sectors like aerospace, defense, and communications makes it a strategic target for cyberattacks. Given the nature of this attack, the most likely culprits would be nation-states including Russia, Iran, or North Korea, rather than China. While China typically focuses on intellectual property theft, especially in the semiconductor industry, the attack on Microchip Technology seems more aligned with the disruptive tactics often employed by Russia and Iran or the financially motivated ransomware attacks linked to North Korea.
“The disruption of multiple manufacturing facilities aligns with the strategic goals of nation-states like Russia and Iran, which have a history of cyber operations intended to cause chaos or weaken their adversaries. This contrasts with China, which usually aims to acquire technology and trade secrets to bolster its own industries. This attack underscores the importance of maintaining resilience in manufacturing operations, especially those integral to national security.”
Share this:
Like this:
Related
This entry was posted on August 21, 2024 at 4:44 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.