The RansomHub ransomware group has claimed an attack on Taiwanese OEM/ODM laptop manufacturer Clevo and leaked samples of data revealing confidential information.
The extortion process is underway, so full publication of the documents has been withheld for now, but the threat actors are threatening to release 200 GB soon.
Clevo is a public company in Taiwan that manufactures laptop computers for MSI, Gigabyte, System76, and many others. Its list of partners includes prominent tech leaders like Intel, Nvidia, AMD, and Micron.
The RansomHub cybergang listed Clevo on its extortion page on the dark web yesterday, claiming that it encrypted the firm’s network and backups after an extensive dwell time on its systems. Additionally, the hackers claim to have stolen a large number of documents and technical schematics containing sensitive information, the publication of which would harm Clevo’s partners and cause legal trouble for the latter.
RansomHub claims to have breached the Taiwanese laptop maker by social engineering and phishing an employee.
The threat actors published a limited set of screenshots showing a mix of confidential and possibly public data and snapshots that supposedly prove their access to Clevo’s filesystems.
RansomHub often auctions stolen data on its dark web portal, giving it exclusively to the highest bidder. However, there has yet to be an official confirmation that they ever used encryptors in their past attacks. From that perspective, the claim about locking down Clevo’s systems is unprecedented, and it’ll be interesting to see if it holds any truth.
Clevo has not responded to requests for comment, so the attack and alleged data breach have not been officially confirmed yet. Given the track record of RansomHub and the apparent authenticity of the leaked files, there’s a high chance that a security breach at the Taiwanese computer maker has taken place, though Cyber Insider has been unable to verify it.