Operations resume after virus attack shuts down Taiwanese maker of Apple chips
Taipei — Taiwan Semiconductor Manufacturing Co (TSMC) blamed a variant of the 2017 WannaCry ransomware for the unprecedented shutdown of several plants, as it ramps up chip making for Apple’s next iPhones.
Full operations have resumed and the malware will reduce revenue this quarter by no more than 2%, down from an initial estimate of roughly 3%, CEO CC Wei said on Monday. The company faces shipment delays from the infection, which happened when a supplier installed tainted software without a virus scan. It spread swiftly and hit facilities in Tainan, Hsinchu and Taichung — home to some of the cutting-edge plants that produce Apple’s semiconductors.
TSMC intends to make up for the lost time as it heads into the critical holiday season, Apple’s most important quarter. But Wei wouldn’t discuss the impact on its customers or where the malware variant may have originated, nor how it made it past the company’s security protocols — a black eye for a corporation that prides itself on its technological and operational superiority. No hacker targeted TSMC, Wei said, explaining that the infected production tool was provided by an unidentified vendor.
"We are surprised and shocked," Wei told reporters. "We have installed tens of thousands of tools before, and this is the first time this happened."
The company is overhauling its procedures after encountering a virus more complex than initially thought, he said. CFO Lora Ho said the incident would have some effect on TSMC’s 2018 profit, declining to elaborate beyond an earlier warning that third-quarter gross margins would slip by about a percentage point.
This is the first time a virus has brought down a TSMC facility. Its shares dipped less than 1% Monday. The incident underscores the global nature of the technology supply chain, in which companies such as Apple and Qualcomm depend on hundreds of suppliers around the world.
WannaCry spread across the globe in May 2017, rolling through corporations from FedEx to French car maker Renault and infiltrating Russia’s interior ministry as well as British hospitals. Thought to have emanated from North Korea, it gave victims 72 hours to pay $300 in bitcoin or cough up twice as much, threatening a permanent loss of data. Wei said the variant that infected TSMC didn’t demand a ransom.
The rogue code was ultimately estimated to have infected hundreds of thousands of computers that run Microsoft’s Windows, in thousands of companies in about 150 countries. The ransomware however was considered unsophisticated and was quickly contained.
TSMC had previously forecast revenue of $8.45bn to $8.55bn in the September quarter. The company, which also serves Huawei Technologies, MediaTek, Nvidia and Texas Instruments, maintained its 2018 forecast of boosting revenue by high single digits in US dollar terms.
The company again declined to discuss the implications for Apple, which last week surpassed a market value of $1-trillion. The disruption at TSMC comes at a sensitive time for its largest customer, which accounts for more than 21% of its revenue.
Apple designs the processors that go into its devices, but uses TSMC as its exclusive partner for producing the chips. In the past, the US company has employed foundries owned by Samsung Electronics, its rival in global mobile devices.
Apple’s said to be ramping up production of three new iPhone models for this spring, banking on them to continue its recent sales momentum. It’s also planning new iPad and Apple Watch models, devices that have historically used TSMC chips.
The company does prepare for last minute supply-chain hiccups such as the one facing TSMC and could work through any potential problems. An Apple spokesperson did not respond to a request for comment on Sunday.
A bellwether for the chip industry as well as an early indicator of iPhone demand, TSMC heads into its busiest quarters grappling with waning enthusiasm for the high-powered chips used to mine digital currencies. Now it is also dealing with internal security holes. Cyber crime could cost businesses as much as $8-trillion in damage over the next five years, according to the World Economic Forum.
"We now realise it is not possible for humans not to make mistakes, so now we are inventing a new mechanism that will go online soon. The mechanism doesn’t require human intervention," Wei said.