Tuesday, August 10th 2021

GIGABYTE Hacked, Attackers Threaten to Leak Confidential Intel, AMD, AMI Documents

PC components major GIGABYTE has reportedly been hacked by a group that goes by the name RansomEXX, which stole 112 GB of data containing confidential technical documents from Intel, AMD, and others. These documents are released to GIGABYTE under strict NDAs to help it design motherboards, notebooks, desktops, servers, and graphics cards. The group also deployed ransomware to encrypt GIGABYTE's data, which includes these documents. The attack allegedly occurred in the week of August 2, and GIGABYTE was forced to shut down systems at its Taiwan headquarters. This even caused some downtime for its websites.

While it's conceivable that a company of GIGABYTE's scale maintains timely cold backups of its data and can recover almost everything RansomEXX encrypted, there's another aspect to this attack: the data the attackers stole. They threaten to leak the data if a ransom isn't paid in time. This would put a large number of confidential documents, including motherboard designs, UEFI/BIOS/TPM data/keys, etc., out in the public domain. GIGABYTE didn't comment on the issue beyond stating that it has isolated the affected servers from the rest of its network and notified law enforcement.
Sources: Bleeping Computer, The Verge, The Record

38 Comments on GIGABYTE Hacked, Attackers Threaten to Leak Confidential Intel, AMD, AMI Documents

#1
Tsukiyomi91
When you think that scalping and mining aren't making enough money... good luck to those guys when SWAT comes knocking on their doors.
#2
Crackong
Do they contain design documents of their (now famous) PSU?
#4
Chomiq
Don't pay, nuke them from orbit.
#5
W1zzard
Such a leak would be awesome for the developer community, to better support existing hardware
#6
ZoneDymo
Always love reading these sorta emails, what a bunch of muppets.
#7
Lnxepique
Looking at Gigabyte's recent history leads you to believe that their security measures aren't up to par. I'd be very surprised if they were.

Would the general public benefit from such leaks? Given the size of the industry and nearly nonexistent competition (Intel vs. AMD), I'd think so. If yes, fingers crossed. Gigabyte might learn a lesson in security and quality assurance that they desperately need. Or maybe they won't.
#8
zlobby
W1zzard: Such a leak would be awesome for the developer community, to better support existing hardware
My thoughts exactly! :D :D :D
#9
delshay
Tsukiyomi91: When you think that scalping and mining aren't making enough money... good luck to those guys when SWAT comes knocking on their doors.
A single hacker may get caught but a team of hackers will never get caught. They will always be one step ahead.
#10
zlobby
delshay: A single hacker may get caught but a team of hackers will never get caught. They will always be one step ahead.
Until one of them squeals. And they always do!
#11
PiusX
A few months ago someone at Gigabyte (they attributed it to an intern) screwed up and phrased things on the Gigabyte China website that implied Made in China = sub-par quality. The response was immediate and draconian: all online sales were banned for two months on all major online platforms and websites in China. They returned just last month. Even today when you first arrive at the Gigabyte China website a pop-up appears reiterating their mea culpa. I would be powerfully surprised if RansomEXX were not Mainland China based.
#12
LTUGamer
I had "hacked" Silverstone and Enermax websites some years ago. All their products had their product id (id=420 for example) in their product page link. If I added +1 to their latest product (id=421 for example), an unreleased product appeared. The most interesting thing is that some products weren't released in the retail market.

Conclusion - cyber security in some companies is terrific. As far as I know Enermax and Silverstone updated their websites.
#13
Bitgod
Gigabyte is probably faking this, they just didn't want people sending in emails after the last Gamers Nexus video.
#14
joemama
I'm kind of surprised that I didn't even see any news about this even in Taiwan.
#15
Chomiq
delshay: A single hacker may get caught but a team of hackers will never get caught. They will always be one step ahead.
zlobby: Until one of them squeals. And they always do!
Those hackers are most probably operating from China or Russia. Good luck catching them. If they're from Russia - no problems from officials until they attack one of the allied states/companies. If they're from China - no problems because it's a company from Taiwan.

Gigabyte will probably do what everyone else does - a "support" deal with an IT security company that will then pay the ransom and decode the files.
#16
Kohl Baas
Chomiq: Don't pay, nuke them from orbit.
They can't pay because they can't have any kind of insurance the files will not be used anyway on the other side. If it were possible to have that kind of insurance, they might...
LTUGamer: I had "hacked" Silverstone and Enermax websites some years ago. All their products had their product id (id=420 for example) in their product page link. If I added +1 to their latest product (id=421 for example), an unreleased product appeared. The most interesting thing is that some products weren't released in the retail market.

Conclusion - cyber security in some companies is terrific. As far as I know Enermax and Silverstone updated their websites.
Oh, yes... Cybersecurity... An invisible thing that eats up a lot of money and returns none of it... Until it would...
#17
TheUn4seen
I honestly can't feel bad for corporate drones. If it involved consumer data it might be an actual problem, but corporate rubbish... whatever, let them burn.
#18
zlobby
Kohl Baas: They can't pay because they can't have any kind of insurance the files will not be used anyway on the other side. If it were possible to have that kind of insurance, they might...

Oh, yes... Cybersecurity... An invisible thing that eats up a lot of money and returns none of it... Until it would...
Decent security helps you win money by not letting you lose it. The more money you put in security, the less you lose from attacks.

The real deal is striking the perfect balance, so that all risks are identified and accounted for.
Bitgod: Gigabyte is probably faking this, they just didn't want people sending in emails after the last Gamers Nexus video.
What happened there?
#19
Chomiq
zlobby: What happened there?
In GN testing 50% of the PSUs that Newegg shoved down people's throats with GPUs went kaboom.

It's either bad design, bad components due to component shortages or a mix of both.
#20
zlobby
Chomiq: In GN testing 50% of the PSUs that Newegg shoved down people's throats with GPUs went kaboom.

It's either bad design, bad components due to component shortages or a mix of both.
Holy... :fear:
#21
TheLostSwede
joemama: I'm kind of surprised that I didn't even see any news about this even in Taiwan.
I think they want to keep it quiet. It's most likely highly embarrassing for them and losing face is just not something you do...
Chomiq: Those hackers are most probably operating from China or Russia. Good luck catching them. If they're from Russia - no problems from officials until they attack one of the allied states/companies. If they're from China - no problems because it's a company from Taiwan.

Gigabyte will probably do what everyone else does - a "support" deal with an IT security company that will then pay the ransom and decode the files.
They're not going to pay the ransom from what I've heard.
#22
LTUGamer
Chomiq: In GN testing 50% of the PSUs that Newegg shoved down people's throats with GPUs went kaboom.

It's either bad design, bad components due to component shortages or a mix of both.
The problem is that Gigabyte expanded their lineup with CPU coolers, cases, PSUs, keyboards, headsets, mice, SSDs etc...

Definitely all those products are made by OEM partners. Taking price into account, they are all not the best choices in the market. In the best case scenario they just have a bad price-performance ratio. In the worst case scenario it happens as it happened with this PSU. Sure, Gigabyte chose MEIC as their PSU OEM manufacturer to cut manufacturing costs. The result is blown PSUs.
#23
thegnome
W1zzard: Such a leak would be awesome for the developer community, to better support existing hardware
No more crappy RGB Fusion because all of its code is fixed and integrated into software such as OpenRGB or SignalRGB? Would probably be the most useful thing.
#24
DeathtoGnomes
W1zzard: Such a leak would be awesome for the developer community, to better support existing hardware
Do I detect a bit of "oh this is great haha"?

It's funny as hell considering the recent PSU-blowing-up GN video.
#25
Chomiq
thegnome: No more crappy RGB Fusion because all of its code is fixed and integrated into software such as OpenRGB or SignalRGB? Would probably be the most useful thing.
I don't understand why they won't implement those controls on the BIOS level. It's already stored in it, why do we have to install additional software?