The Play ransomware group claimed responsibility for last week's attack on US semiconductor manufacturer Microchip Technology.
According to multiple cybersecurity researchers, the cybercrime group added Microchip Technology to its data leak site on Tuesday. Play is known for using custom tools to carry out double extortion attacks that not only encrypt victims' files but also threaten to release stolen data publicly.
Microchip Technology said last week that the intruder had disrupted “certain servers and some of its operations.” Once the company became aware of the incident, it isolated the affected systems, shut down some services and began an investigation.
Microchip Technology Inc. did not respond to a request for comment about the Play gang's involvement in the attack. The company makes and sells microcontrollers, embedded security devices and radio frequency devices to companies in the automotive, industrial, aerospace and defense industries. Its sales in 2024 were $7.6 billion.
The Play group initially said it would give victims 72 hours to pay the ransom before releasing the stolen data.
“We note that the timeline in this incident is even longer, with Play only claiming responsibility a full week after Microchip Technology reported the attack to the SEC,” said Kevin O'Connor, a researcher at US cybersecurity firm Adlumin.
“While it's not all that unusual for ransomware gangs to act beyond threatened release periods, it does suggest that negotiations may have been taking place,” he told Recorded Future News.
Adlumin said Play ransomware activity has grown significantly over the past year, likely due to a shift to an affiliate model, which can complicate attribution of attacks.
“We have yet to find anything to indicate whether it was the core group or its affiliates that influenced Microchip Technology,” O'Connor said.
Play ransomware was first detected in June 2022. According to an advisory from the Cybersecurity and Infrastructure Security Agency (CISA), the group exfiltrates data and then encrypts systems, affecting a wide range of businesses and critical infrastructure organizations across North and South America, Europe, and Australia.
Most of the group's attacks this year have been focused on the United States, according to research released in July by cybersecurity firm Trend Micro.