Seoul Semiconductor Co., Ltd. Ransomware Attack: A Cybersecurity Threat

Incident Date:

May 7, 2024

World map

Overview

Title

Seoul Semiconductor Co., Ltd. Ransomware Attack: A Cybersecurity Threat

Victim

Seoul Semiconductor Co., Ltd.

Attacker

MetaEncryptor

Location

Seoul, South Korea

, South Korea

First Reported

May 7, 2024

Ransomware Attack on Seoul Semiconductor Co., Ltd.

Victim Profile

Seoul Semiconductor Co., Ltd. is a South Korean company specializing in manufacturing and distributing light emitting diode (LED) products. Founded in 1987, the company is headquartered in Ansan-si, South Korea. Seoul Semiconductor's product range includes z-power LED, top view LED, through hole, side view LED, customized module, chip on board LED, chip, and sensor. The company operates manufacturing factories in Korea, the US, China, and Vietnam, with a presence in 30 offices across about 70 countries.

Industry Standing

Seoul Semiconductor is a key player in the LED industry, known for converting electric energy into light using eco-friendly and energy-efficient technologies. The company is listed on the Korea Exchange and ranks among the world's top 3 LED manufacturers, with annual revenues exceeding $1 billion based on IFRS consolidated financial reporting.

Attack and Vulnerabilities

During the ransomware attack the ransomware group stole 23GB of sensitive data from the company's systems. As a prominent player in the LED manufacturing sector, Seoul Semiconductor's global presence and innovative technologies make it an attractive target for threat actors. The company's extensive network of manufacturing facilities and international offices may pose challenges in maintaining fortified cybersecurity measures across all locations, potentially exposing vulnerabilities that ransomware groups like MetaEncryptor could exploit.

Ransomware Group Tactics

MetaEncryptor, the ransomware group behind the attack on Seoul Semiconductor, is known for its sophisticated encryption techniques and data leak site operations. The group has been linked to similar ransomware operations like LostTrust, indicating a pattern of rebranding to evade detection. MetaEncryptor's use of a data leak site and encryption methods similar to other ransomware groups suggest a high level of coordination and expertise in cyber attacks.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.