The infamous Maze hackers have done it again, gaining further notoriety by victimizing SK Hynix of South Korea. The victim company is known as the third-largest semiconductor company, profiting from manufacturing RAM and flash memory that is distributed around the globe. Prominent companies it does business with include Apple and other PC manufacturers.
Maze hackers are known in the cyber world for their ingenuity in carrying out ransomware attacks on prominent companies. They demand money transferred in cryptocurrency, to avoid being identified, before they restore access to the companies' encrypted sensitive and essential information. Often, when companies fail to heed their demand, they sell the stolen data on the black market for other malicious actors' perusal. Before the recently rumored SK Hynix attack, their list for this year alone already included MaxLinear, the chipmaker, and Henning Harder logistics. Based on the trend, they mostly target multinational IT-related businesses, research companies, security, and law firms.
These adversaries have been around for some time and are dreaded in the cyberworld. They usually attack through many gateways, such as brute force attacks through undiscovered system vulnerabilities, spear-phishing Business Email Compromise (BEC) activities, remote desktop connections exploiting weak password management, and inter-company infection (sending the ransomware to another company using the resources of an already infected company). Maze threat actors encrypt essential files of the targeted company and then ask for the blood money. However, since most companies already have some mitigation plans in place for such an attack, the group has also kept up its pace for more successful extortion. The adversary has its own website that displays its recent activity. Aside from the file encryption, a small part of the stolen data is posted on the website to put further pressure on the victim company. In the SK Hynix scenario, they have published almost 600 MB of the company's sensitive information, out of what is believed to be a total of 11 GB to be sold in case the company fails to pay the ransom.
Currently, SK Hynix is still resilient and has not yet released any official statement to confirm the veracity of the information about the attack.
The only proof offered so far is the information posted on the Maze website. The community is still waiting for news.
Since the group has been around for a while and its modus operandi has already been exposed, cybersecurity experts continue to provide awareness and updates on the group's latest activity. We advise that you always use a robust password management system, keep security patches for system vulnerabilities continuously updated, ensure offline backups remain available, and spread awareness and impose high internet vigilance among all employees regarding the latest and possible ways hackers can get into their systems. In the event of a successful intrusion, the victimized company still has the option to pay the ransom money. Otherwise, they can always contact law enforcement authorities for assistance in managing the attack. Always keep in mind that adversaries will not stop as long as there are willing victims who heed their demands.