A computer virus infected systems at multiple Taiwan Semiconductor Manufacturing Co. (TSMC) factories on Friday night, disrupting operations at precisely the same time it is attempting to ramp up production for tech giant Apple’s future lines of iPhones, Bloomberg reported.
According to Bloomberg, the company in question is the “sole maker of the iPhone’s main processor” and says this is the first time a virus has spread into production lines (namely computer-controlled fabrication tools):
The virus wasn’t introduced by a hacker, the company added in a statement.
It’s unclear who targeted TSMC, the world’s biggest contract manufacturer of chips for companies including Apple and Qualcomm Inc. It’s the first time a virus had ever brought down a TSMC facility, recalling the WannaCry cyberattacks of 2017 that forced corporations around the world to suspend operations as they rooted out the ransomware. TSMC is working on solutions now but said the degree of infection varied from factory to factory, and that it will provide more information Monday after it’s assessed the situation.
Production at TSMC could be disrupted until “at least Sunday,” Bloomberg wrote. The company did not say whether any of the facilities involved were producing for Apple’s supply chain, though TMSC announced earlier this year it had begun high volume production of 7 nm chips designed to perform well while simultaneously limiting energy usage. In May, it reportedly started using the process to manufacture A12 chips for Apple.
Per TechCrunch, cyberattacks on Taiwanese government institutions and the private sector are common and mainly originate from mainland China—which has a long history of strained relations with Taiwan and is far from fond of the latter’s President Tsai Ing-wen. Per Taiwan News, tens of millions of (mostly low-grade) cyberattacks hit the Taiwanese public sector each month, and a Reuters report from June 2018 cited a source close to the Taiwanese government as saying they were increasing in sophistication. Meanwhile, mainland China and Taiwan are competitors in the semiconductor sector.
However, the cause of this particularly attack is unknown at this point. Cybercriminals’ use of ransomware, malware designed to encrypt computers’ operating systems and files before demanding a ransom payment, skyrocketed in 2017. It’s hardly unprecedented for ransomware operators to target businesses which cannot handle system downtime, like health care companies. With a reported profit of $11.61 billion in 2017, TMSC could be a tempting target. Alternately, since the TMSC statement said the virus was not introduced by a hacker, it’s possible that someone on a company network somehow inadvertently downloaded malware.
It’s not clear whether the incident will noticeably offset availability of Apple’s next line of phones, which are expected to be announced this fall. However, Apple is habitually short on production targets, so a weekend-long delay at one of its suppliers probably won’t be the only thing to blame if it happens again in the future. Sanford C. Bernstein analyst Mark Li told Bloomberg that the impact of the attack would likely be limited.