The Play ransomware group has claimed responsibility for a cyberattack on Microchip Technology, a US semiconductor manufacturer. The group added Microchip to its data leak site on Tuesday, according to several cybersecurity firms. Play is known for using custom tools and executing double-extortion attacks, where it not only encrypts a victim’s files but also threatens to release stolen data.
Microchip reported last week that intruders had disrupted “certain servers and some business operations.” Upon detecting the incident, the company isolated the affected systems, shut down some services, and launched an investigation. Microchip creates products such as microcontrollers, embedded security devices, and radio frequency devices, selling them to companies in the automotive, industrial, aerospace, and defense industries. Its sales in 2024 reached $7.6 billion.
The Play group initially stated that it would give its victims 72 hours to pay a ransom before publishing stolen data.
Play ransomware targets Microchip Technology
“We know the timeline was extended much longer in this case since Play is just now claiming responsibility a full week after the manufacturer reported the attack to the SEC,” said Kevin O’Connor, a researcher at the U.S.-based cybersecurity firm Adlumin.
According to Adlumin, the Play ransomware operation has grown considerably over the past year, likely due to its shift to an affiliate model — which can complicate attribution for an attack. “We haven’t seen anything yet indicating if it was the core group or its affiliates that impacted the manufacturer,” O’Connor said. Play ransomware was first detected in June 2022.
According to an analysis by the Cybersecurity and Infrastructure Security Agency (CISA), the group encrypts systems after exfiltrating data and has impacted a wide range of businesses and critical infrastructure organizations in North America, South America, Europe, and Australia.
“We are aware of claims made by a third party relating to the recent IT disruption we disclosed,” said a spokesperson for Microchip regarding Play’s claims. “We take this issue very seriously and have notified law enforcement. Microchip continues to work diligently on our investigation and remediation efforts with the assistance of our external cybersecurity advisors.”
Authorities recommend businesses activate and require multi-factor authentication for corporate data access, prioritize cybersecurity by quickly fixing known bugs or exploits in computer systems, and keep software updated to ensure the latest security features are in place.