Connect with us

Hi, what are you looking for?


Data Breaches

Ransomware Group Targets Foxconn Subsidiary Foxsemicon

Foxsemicon’s website defaced with a message from the LockBit ransomware group, which claims to have stolen 5 Tb of data.

Ransomware Report

Foxsemicon Integrated Technology, a subsidiary of Taiwanese electronics giant Foxconn, appears to have been targeted by the notorious LockBit ransomware group.

Foxsemicon specializes in semiconductor equipment manufacturing. The company’s website was defaced this week with a message claiming that data has been stolen and encrypted. The message said 5 Tb of data has been taken from the company’s systems.

The cybercriminals claimed to have obtained personal data belonging to customers and employees, and threatened to make it public on their leak website unless a ransom is paid. 

The hackers’ message told employees that they will lose their job as they are allegedly “able to completely destroy Foxsemicon with no possibility of recovery”. It’s not uncommon for ransomware gangs to exaggerate their claims in an effort to put more pressure on the victim. 

The message posted on the defaced website also advised the company not to contact any ransomware recovery services or insurance firms. The exact ransom amount is unclear, but this part of the message does mention a $1 million ransom as an example.

While the incident may turn out to have a big impact, Foxsemicon told the Taiwan Stock Exchange that its initial assessment indicates the incident should not have a significant impact on its operations. 

The Foxsemicon website has been restored at the time of writing.

The ransomware group did not name itself on the defaced Foxsemicon website, but the links provided to the company point to the LockBit Tor-based leak website. 

LockBit does not typically deface victims’ websites, but major ransomware groups have been known to experiment with various tactics to increase their chances of getting paid. 

Advertisement. Scroll to continue reading.

Foxsemicon has yet to be listed on LockBit’s site. The cybercrime gang, which has been running the world’s largest and most active ransomware operation, has targeted several other semiconductor companies in the past year, including Taiwan Semiconductor Manufacturing Company (TSMC), from which it initially demanded a $70 million ransom.

Related: Russian National Arrested, Charged in US Over Role in LockBit Ransomware Attacks

Related: US Organizations Paid $91 Million to LockBit Ransomware Gang

Related: LoanDepot Takes Systems Offline Following Ransomware Attack

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.