Taiwanese PCB Giant Unimicron Breached by Sarcoma Ransomware

Taiwan-based printed circuit board (PCB) manufacturer Unimicron Technology Corp. has reportedly suffered a ransomware attack, with cybercriminal group Sarcoma claiming responsibility for the breach.

While the company has yet to confirm a data leak, the threat actors have published samples of allegedly stolen documents on their extortion portal, suggesting a compromise of sensitive corporate data.

Unimicron is one of the world's largest manufacturers of high-density interconnect (HDI) PCBs and semiconductor carriers, critical components used in advanced mobile devices, automotive electronics, and computing hardware. The company operates major production facilities in Taiwan, China, Germany, and Japan, supplying top-tier technology firms, including Apple and Intel. Given its central role in the semiconductor supply chain, a successful ransomware attack on Unimicron raises broader cybersecurity concerns for the electronics industry.

The attack was officially disclosed by Unimicron earlier this month through the Taiwan Stock Exchange Market Observation Post System (TWSE MOPS)—a government-regulated platform where publicly traded companies announce material events affecting their operations. According to the statement, the ransomware attack impacted Unimicron Technology (Shenzhen) Corp., a subsidiary based in China, on January 30, 2025.

Unimicron stated that it immediately engaged an external cyber forensic team to analyze the attack and bolster defenses. The company downplayed operational disruption, stating that the attack had only a limited impact on its Shenzhen subsidiary. The disclosure confirmed that no insurance claims would be filed, suggesting that any financial losses would be absorbed by the company.

Meanwhile, the Sarcoma ransomware group publicly listed Unimicron on its dark web leak site earlier today, threatening to release stolen data in seven days unless a ransom is paid. The leaked samples include internal company documents that appear authentic. The threat actors also claimed to be holding 377 GB of data in total, including files and SQL databases.

Sarcoma is a relatively new ransomware group that has been actively targeting organizations across multiple industries, including manufacturing and engineering. The group follows a double-extortion model, encrypting victims' systems while also exfiltrating sensitive data to pressure them into paying ransom. Their leak portal currently features Unimicron alongside other victims, indicating high-volume activity from the threat actors.