ArrowArtboardCreated with Sketch.Title ChevronTitle ChevronEye IconIcon FacebookIcon LinkedinIcon Mail ContactPath LayerIcon MailPositive ArrowIcon PrintTitle ChevronIcon Twitter

TSMC malware attack hit 'most advanced' iPhone chip site

Taiwanese chipmaker resumes production following shutdowns

An Apple store in Taipei. Malware infected a TSMC plant that is building chips for the next iPhone model. (Photo by Ken Kobayashi)

TAIPEI -- All production resumed on Monday afternoon at Taiwan Semiconductor Manufacturing Co., three days after the world's biggest contract chipmaker became the latest victim of the ransomware WannaCry.

The Taiwanese company's most advanced chip site -- now producing core processors for an upcoming iPhone -- took the most severe hit during the peak season for production.

"The more advanced factory is more automated than others so it suffered more impact in this virus outbreak, while it also takes longer for such production to go back to normal," chief executive C.C. Wei told reporters Monday evening in detailing the incident.

Though Wei did not specify customers, it is widely understood that Apple will use TSMC's most advanced 7-nanometer production technology for the A12 core processor chips in new iPhones this fall. The company has served as the sole supplier of iPhone core processor chips since 2016.

The malware spread to the company's production computer network, prompting the shutdown of some facilities including those making chips for Qualcomm, MediaTek, Nvidia, Xilinx, Broadcom and Huawei chip unit Hisilicon Technologies.

Wei said TSMC notified all customers and worked with them on delivering the current quarter's delayed shipments during the October-December period instead. But he declined to comment on whether the ransomware hit could delay shipment of iPhones.

The infection will cost no more than 2% -- or roughly $170 million -- of the company's revenue for the July-September period while reducing gross margin by 1 percentage point, according to Wei's updated forecast. In an earlier statement, TSMC estimated the incident would lower quarterly sales by 3%. The reduction was based on the previous revenue forecast of $8.45 billion to $8.55 billion for the current quarter and gross margin of 48% to 50%.

Based in Taiwan, TSMC competes with chip builders including GlobalFoundries and UMC (Photo by Cheng Ting-fang).

Lora Ho, TSMC's chief financial officer, said the malware also will hurt the company's full-year profit as it raises production and materials costs, though she did not give specific numbers.

Shares of TSMC fell 0.61% on Monday to close at NT$245.50, while rival United Microelectronics Corp. of Taiwan gained 1.41% and China's Semiconductor Manufacturing International Co. dropped 1.22%. MediaTek, the world's No. 2 mobile chip provider and a key TSMC customer, also saw its shares edge lower by 0.36%.

The outbreak comes amid a burst of alleged industrial espionage cases from China and the rising technology cold war between Beijing and Washington. Chips -- an essential component in every electronic device -- carry deep national security implications. Industry executives and investors worry that TSMC, a crucial player in the world's semiconductor supply chain, could become a target for hackers looking to steal vital technical details.

TSMC, based in the Taiwanese city of Hsinchu, attributed the incident to "misoperation during the software installation process for a new production tool, which caused a virus to spread once the tool was connected to the computer network."

The malware already was installed in the machine when it was delivered to TSMC, Wei said, but no criminal party sought ransom following the outbreak over the weekend.

"We believe it was not a hack or a kidnap," he said. "It was negligence that we did not check thoroughly as it should be done before linking it to our internal production network."

"Tens of thousands of machines were affected" due to one piece of equipment with the malware, Wei said, adding that he is "very sorry about this."

The CEO assured that all key chip design blueprints and production data for customers stayed intact without theft or damage.

The malware, which Wei identified as a variation of WannaCry, crashed the operating system of some of the company's machines while forcing the others to restart repeatedly. Wei said all of the machines, the automated handling systems and relevant operating system were affected to various degrees. Those affected lacked a patch for Windows 7, so they could not function properly, he added. All production sites in Taiwan -- the company's primary production base -- were impacted.

WannaCry is considered the most malicious ransomware from last year, reportedly hitting more than 300,000 computers in hospitals, banks and businesses in 150 nations during May 2017. Along with Petya and Bad Rabbit, the damage caused by ransomware reached $5 billion globally last year, up from $1 billion in 2016, according to studies from internet security firms such as Trend Micro.

The shutdown could prove costly for the Taiwanese chip titan beyond immediate finances, harming customer trust and the company's long reputation of flawless chip production, market watchers say.

"For the long term, TSMC's trustworthy image is somewhat tainted, but it is hard to quantify the effect now," said Mark Li, an analyst at Bernstein Research.

"This incident is an execution flaw, which we fear may have bigger long-term implications since investors may be worried about TSMC's technology being hacked," Sebastian Hou, an analyst at CL Securities, said in a research note. "Meanwhile, its customers may have concerns about TSMC's ability to protect their design even if these are safe this time."

George Chang, an analyst at Yuanta Investment Consulting, said investors think it's a one-time accident but will monitor whether such management and execution issues recur soon. "If any of this kind of major execution flaws happen again in a short time, it will become a big crisis to hit investors' and customers' confidence," Chang said.

Companies usually pay more attention to the potential for outside attacks while sometimes neglecting the vulnerabilities inside the internal firewalls, said Mao Ching-hao, vice president and director general at the Cybersecurity Technology Institute, part of the Institute of Information Industry think tank in Taiwan.

"Computers on production equipment could be a loophole for companies' information security," Mao said. "Recently, more attacks and damage are coming from inside networks due to negligence or other intended moves rather than directly from random external hackers."

Sponsored Content

About Sponsored Content This content was commissioned by Nikkei's Global Business Bureau.

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this monthThis is your last free article this month

Stay ahead with our exclusives on Asia;
the most dynamic market in the world.

Stay ahead with our exclusives on Asia

Get trusted insights from experts within Asia itself.

Get trusted insights from experts
within Asia itself.

Try 1 month for $0.99

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this month

This is your last free article this month

Stay ahead with our exclusives on Asia; the most
dynamic market in the world

Get trusted insights from experts
within Asia itself.

Try 3 months for $9

Offer ends January 31st

Your trial period has expired

You need a subscription to...

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers and subscribe

Your full access to Nikkei Asia has expired

You need a subscription to:

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers
NAR on print phone, device, and tablet media

Nikkei Asian Review, now known as Nikkei Asia, will be the voice of the Asian Century.

Celebrate our next chapter
Free access for everyone - Sep. 30

Find out more