Ransomware Attack on MIPS Technologies by Play Ransomware Group: Impact and Details

Incident Date: July 17, 2024

Overview

Victim: MIPS Technologies

Attacker: Play

Location: San Jose, USA (California, USA)

First Reported: July 17, 2024

Ransomware Attack on MIPS Technologies by Play Ransomware Group

Overview of MIPS Technologies

MIPS Technologies, a pioneer in microprocessor design, specializes in developing RISC (Reduced Instruction Set Computing) architectures, particularly focusing on the RISC-V architecture. Established over three decades ago, MIPS has a significant legacy in semiconductor technology, having shipped billions of chips across various markets, including automotive, cloud computing, and embedded systems. The company is headquartered in California, USA, and employs between 1,000 and 4,999 people. MIPS is known for its innovative RISC-V cores, which offer high performance and extensive customization capabilities.

Details of the Ransomware Attack

MIPS Technologies has fallen victim to a ransomware attack orchestrated by the Play ransomware group. The incident was publicly disclosed on Play Ransomware's Data Leak site, revealing that the tech giant's systems had been compromised. The official release of detailed information is scheduled for July 19, 2024. Preliminary reports have already surfaced, raising alarm among MIPS Technologies' partners and customers. The early disclosure has heightened concerns about the potential impact on the company's operations and data security.

About the Play Ransomware Group

The Play ransomware group, also known as PlayCrypt, has been active since June 2022 and has been responsible for numerous high-profile attacks. Initially focused on Latin America, the group has expanded its operations to North America, South America, and Europe. Play ransomware uses various methods to gain entry into a network, including exploiting RDP servers, FortiOS vulnerabilities, and Microsoft Exchange vulnerabilities. The group employs tools like Mimikatz for privilege escalation and uses custom tools to enumerate users and computers on compromised networks.

Potential Vulnerabilities and Attack Methods

MIPS Technologies, with its extensive use of advanced RISC-V architectures and multi-threading capabilities, may have been targeted due to its significant role in critical sectors like automotive and cloud computing. The Play ransomware group could have penetrated MIPS' systems through vulnerabilities in RDP servers or by exploiting known vulnerabilities in FortiOS and Microsoft Exchange. The group's use of scheduled tasks, PsExec, and Group Policy Objects (GPOs) to distribute ransomware executables within the internal network could have facilitated the attack.
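
A defender can look for the internal distribution pattern described above by correlating service-install and scheduled-task events across hosts. The following is an added example, not code from this report or from any vendor: it assumes a normalized JSON event schema (fields `ts`, `host`, `event_id`, `user`, `name`) and uses constructed sample events. It covers PsExec's default service name (Windows event 7045) and scheduled task creation (event 4698), and does not cover GPO changes.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an assumed normalized schema (not data from this incident).
# event_id 7045 = service installed, 4698 = scheduled task created.
SAMPLE_EVENTS = """
{"ts": "2024-01-01T02:00:05", "host": "WS-01", "event_id": 7045, "user": "svc-backup", "name": "PSEXESVC"}
{"ts": "2024-01-01T02:00:40", "host": "WS-02", "event_id": 7045, "user": "svc-backup", "name": "PSEXESVC"}
{"ts": "2024-01-01T02:01:10", "host": "WS-03", "event_id": 7045, "user": "svc-backup", "name": "PSEXESVC"}
{"ts": "2024-01-01T02:03:00", "host": "WS-01", "event_id": 4698, "user": "svc-backup", "name": "Updater"}
{"ts": "2024-01-01T02:04:00", "host": "WS-02", "event_id": 4698, "user": "svc-backup", "name": "Updater"}
{"ts": "2024-01-01T09:00:00", "host": "WS-07", "event_id": 7045, "user": "helpdesk", "name": "PSEXESVC"}
{"ts": "2024-01-01T09:30:00", "host": "WS-08", "event_id": 7045, "user": "helpdesk", "name": "PrintAgent"}
{"ts": "2024-01-01T10:00:00", "host": "WS-04", "event_id": 4698, "user": "jdoe", "name": "Backup"}
{"ts": "2024-01-01T11:30:00", "host": "WS-05", "event_id": 4698, "user": "jdoe", "name": "Backup"}
"""

def load_events(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def classify(ev):
    """Map an event to a distribution technique named in the text, or None."""
    # Matches only PsExec's default service name; a renamed service is not caught here.
    if ev["event_id"] == 7045 and ev["name"].upper() == "PSEXESVC":
        return "psexec_service"
    if ev["event_id"] == 4698:
        return "scheduled_task"
    return None

def find_fanout(events, window=timedelta(minutes=10), min_hosts=3):
    """Alert when one account triggers the same technique on min_hosts hosts within window."""
    by_key = defaultdict(list)
    for ev in events:
        tech = classify(ev)
        if tech:
            by_key[(ev["user"], tech)].append((datetime.fromisoformat(ev["ts"]), ev["host"]))
    alerts = []
    for (user, tech), hits in sorted(by_key.items()):
        hits.sort()
        for i, (start, _) in enumerate(hits):
            hosts = {h for t, h in hits[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                alerts.append({"user": user, "technique": tech,
                               "hosts": sorted(hosts), "first_seen": start.isoformat()})
                break
    return alerts

if __name__ == "__main__":
    for alert in find_fanout(load_events(SAMPLE_EVENTS)):
        print(alert)
```

The window and host threshold are tuning assumptions; legitimate software deployment tools produce the same fan-out shape, so known deployment accounts need an allowlist before this is used for alerting.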
