The hacker group Sarcoma has claimed responsibility for a cyberattack on Taiwanese printed circuit board (PCB) manufacturer Unimicron. The cybercriminals assert that they have stolen 377 GB of SQL files and internal documents, releasing samples of the compromised data. They are now threatening to disclose the entire dataset publicly unless the company pays a ransom.
Unimicron is one of the world’s leading manufacturers of flexible and rigid printed circuit boards, HDI boards, and IC substrates. The company operates factories and service centers in Taiwan, China, Germany, and Japan, supplying components used in monitors, computers, peripherals, and smartphones.
According to a bulletin published on the Taiwan Stock Exchange (TWSE) website, the attack took place on January 30, primarily affecting Unimicron Technology (Shenzhen) Corp., the company’s Chinese subsidiary. While Unimicron acknowledged the incident, it downplayed its impact, stating that operations remain largely unaffected. The company has not confirmed a data breach, despite Sarcoma’s release of sample files. To investigate the intrusion and bolster cybersecurity defenses, Unimicron has engaged third-party security experts.
Sarcoma is a relatively new but rapidly expanding cybercriminal syndicate, having launched its first wave of attacks in October 2024. Within its first month of operation, it claimed 36 victims. By November, Cyfirma analysts identified Sarcoma as an emerging high-risk threat, and in December, Dragos listed the group among the most dangerous adversaries targeting industrial organizations.
The group’s tactics involve phishing campaigns, exploitation of known vulnerabilities, and supply chain attacks. Once inside a network, Sarcoma leverages Remote Desktop Protocol (RDP) vulnerabilities, moves laterally across systems, and exfiltrates sensitive data. While the exact tools and malware employed by the group remain under investigation, the sophistication of their operations suggests a high level of expertise.
Security experts warn that the breach at Unimicron could trigger follow-up attacks on the company’s partners or facilitate the spread of additional malware. However, it remains unclear whether Unimicron will engage in negotiations with the attackers or choose to resist their demands.
