Maze Ransomware gang breached the US chipmaker MaxLinear

Pierluigi Paganini June 17, 2020

U.S. system-on-chip maker MaxLinear disclosed a security incident: Maze ransomware operators infected some of its computing systems in May.

U.S. system-on-chip maker MaxLinear is the latest victim of the Maze ransomware operators. The company revealed that the systems were infected last month, but the threat actors first compromised the company on April 15.

MaxLinear is an American hardware company that provides highly integrated radio-frequency (RF) analog and mixed-signal semiconductor solutions for broadband communications applications.

The company has already sent a data breach notification to the impacted individuals.

“On May 24, 2020, we discovered a security incident affecting some of our systems. We immediately took all systems offline, retained third-party cybersecurity experts to aid in our investigation, contacted law enforcement, and worked to safely restore systems in a manner that protected the security of information on our systems.” reads the data breach notification. “Our investigation to-date has identified evidence of unauthorized access to our systems from approximately April 15, 2020 until May 24, 2020. Our investigation has also identified evidence of unauthorized access to files containing personal information relating to you.”

In response to the incident, the IT staff took all systems offline and retained cybersecurity experts to investigate the incident. The company reset passwords of the affected customers and reported the intrusion to law enforcement.

MaxLinear restored some of the systems using its backups, even though the Maze ransomware operators threatened to leak over 1TB of data allegedly stolen before encrypting the infected systems.

On June 15, the gang leaked 10.3GB of accounting and financial information as proof of the hack.

Source: BleepingComputer

According to the company, exposed data include name, personal and company email address and personal mailing address, employee ID number, driver’s license number, financial account number, Social Security number, date of birth, work location, compensation and benefit information, dependent, and date of employment.

According to documents filed with the U.S. Securities and Exchange Commission (SEC), the attack did not affect shipment, order fulfillment, and production capabilities.

“We have been able to reestablish certain affected systems and equipment, and this work is on-going. Although we have incurred and will incur incremental costs as a result of forensic investigation and remediation, we do not currently expect that the incident will materially or adversely affect our operating expenses.” states the SEC filing. “We carry cybersecurity insurance, subject to applicable deductibles and policy limits. We have also engaged with the appropriate law enforcement authorities.”

Recently, Maze ransomware operators hit Threadstone Advisors LLP, a US corporate advisory firm specialising in mergers and acquisitions.

Maze ransomware operators have been very active in this period. Recently they stole data from US military contractor Westech and the ST Engineering group, and they released credit card data stolen from the Bank of Costa Rica (BCR), threatening to leak other lots every week.

Previous victims of the ransomware gang include IT services firms Cognizant and Conduent.

Pierluigi Paganini

(SecurityAffairs – MaxLinear, Maze ransomware)
