EXECUTIVE SUMMARY:

Cyber criminals may have stolen blueprints for Apple’s latest products. The criminals who claim to have the data are engaged in extortion attempts with the Cupertino company, and have threatened to release the documents online.

On Tuesday, the REvil ransomware group publicly announced an attempted breach of Quanta Computer, one of Apple’s third-party vendors based in Taiwan. Quanta provides technology manufacturing for major US tech firms, from Apple to Dell to Hewlett-Packard and others.

Quanta’s services include laptop manufacturing. The company assembles products in accordance with Apple’s designs. Experts assert that cyber criminals have a logical basis and motive for theft in relation to Quanta’s data.

REvil’s “leak site”, which serves as a repository for the gang’s stolen materials while the group attempts to coerce companies into meeting extortion demands, lists a number of product blueprints.

The theft, release, and ransom for the Apple data coincide with Apple’s Spring Loaded product launch. A note on REvil’s leak site stated, “In order not to wait for the upcoming Apple presentations, today we, the REvil group, will provide data on the upcoming releases of the company so beloved by many. Tim Cook can say thank you Quanta. From our side, a lot of time has been devoted to solving this problem. Quanta has made it clear to us that it does not care about the data of its customers and employees, thereby allowing the publication and sale of all data we have”.

REvil requests that Apple “buy back” the stolen information by the first of May. Otherwise, the group threatens, “more and more files will be added [to the leak site] every day”.

According to BleepingComputer, REvil has also demanded $50 million from Quanta, and has set a deadline of April 27th for final payment.

In addition, the ransomware gang states that it is “negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands”.

The subtext is that Apple may not represent the sole target within this extortion scheme. Given Quanta’s ties to tech, the “ripple effect” here could be consequential.

Stolen Apple product designs, Twitter post. (Image courtesy of Gizmodo.com)

At present, analysis of the situation indicates that REvil may indeed be bluffing. Whether or not the documents in REvil’s possession contain any sensitive or “top secret” plans is not clear. The designs highlighted on the group’s leak site show regular MacBook blueprints.

The hackers may not be telling the truth about the data acquired. It is possible that REvil’s actions may not undermine Apple’s new product releases at all.

“The REvil operators have been responsible for a number of high profile attacks and also some of the highest demands to have become publicly known,” says cyber threat analyst Brett Callow.

“That said, ransomware groups have lied about the strength of their hand in other incidents, so it would be a mistake to assume that REvil has all the data they claim to have and that other parties are interested in buying it.”

REvil’s prominence as a ransomware gang and its past endeavors have earned the group a fearsome reputation. Ruthless, high-profile breaches remain on its rap sheet. Recently, REvil assumed responsibility for a sizeable hack of a multi-national electronics firm. Post breach, the group demanded $50 million in return for the data.

For more on the REvil ransomware gang and possible stolen Apple product designs, visit Gizmodo.