On February 1, leading printed circuit board (PCB) manufacturer Unimicron (3037.TW) publicly disclosed a ransomware attack on its China-based subsidiary Unimicron Technology (Shenzhen) Corp. that occurred on January 30. The company stated that the impact was limited, and it had engaged an external cybersecurity forensic team to investigate the breach and strengthen its defense systems. However, Unimicron did not confirm whether any sensitive data was stolen.

Now, ransomware group Sarcoma has claimed responsibility for the attack, alleging that it has exfiltrated 377GB of SQL files and confidential documents from Unimicron's systems. The hackers have published samples of the stolen files and threatened to leak the entire dataset if Unimicron fails to pay a ransom by February 20. Cybersecurity firm Hackmanac reported that the leaked samples appear authentic.

Sarcoma: A Rising Threat in the Cybercrime Landscape

Sarcoma is a relatively new ransomware operation that launched its first attacks in October 2024 and quickly became one of the most active ransomware groups, claiming 36 victims within its first month. Cybersecurity researchers at CYFIRMA have warned that Sarcoma is rapidly emerging as a significant threat due to its aggressive expansion and growing victim count.

In December 2024, operational technology cybersecurity firm Dragos identified Sarcoma as one of the most critical new threats targeting industrial organizations worldwide.

Unimicron added on Sarcoma's list of victims

Tactics & Attack Methods

According to Red Piranha, Sarcoma hackers primarily infiltrate networks through phishing emails and the exploitation of unpatched vulnerabilities (n-day exploits). In some cases, they have also conducted supply chain attacks, using third-party service vendors to gain access to their clients' networks.

Once inside a target's system, Sarcoma employs Remote Desktop Protocol (RDP) exploitation, lateral movement, and data exfiltration techniques to maximize damage before deploying ransomware encryption.

While the exact tools and tactics used by Sarcoma remain under analysis, experts suggest that the group's sophisticated attack strategies indicate significant experience in cybercrime operations.

Potential Impact on Unimicron & the PCB Industry

As one of the world's largest PCB manufacturers, Unimicron operates factories and service centers in Taiwan, China, Germany, and Japan. The company produces rigid and flexible PCBs, high-density interconnect (HDI) boards, and integrated circuit (IC) carriers, which are widely used in LCD monitors, computers, peripherals, and smartphones.

If Sarcoma's claims prove true, the leaked data could pose serious risks to Unimicron's supply chain security, intellectual property, and customer confidentiality.

As of now, Unimicron has not provided an official response regarding Sarcoma's allegations. BleepingComputer has reached out to the company for further clarification but has yet to receive a statement.

The case highlights the increasing cybersecurity threats facing the global semiconductor and electronics manufacturing industries, emphasizing the urgent need for stronger defense measures against evolving ransomware attacks.