{ "id": "27341128-f459-41c7-a582-37b4319cdc96", "created_at": "2026-04-06T00:06:40.226046Z", "updated_at": "2026-04-10T13:11:34.708129Z", "deleted_at": null, "sha1_hash": "1c2348582adccd56e22d526943bb7afe988687be", "title": "Thanks for the memories... now pay up or else: Maze ransomware crew claims to have hacked SK hynix, leaks '5% of stolen files'", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 268158, "plain_text": "Thanks for the memories... now pay up or else: Maze ransomware\r\ncrew claims to have hacked SK hynix, leaks '5% of stolen files'\r\nBy Shaun Nichols\r\nPublished: 2020-08-20 · Archived: 2026-04-05 14:19:04 UTC\r\nThe Maze hacker gang claims it has infected computer memory maker SK hynix with ransomware and leaked\r\nsome of the files it stole.\r\nThe South Korean semiconductor giant could not be reached for comment. For what it's worth, the Maze crew\r\ndoesn't tend to need to fib about these sort of things. When it claims to have infiltrated a victim – and it has pwned\r\na great deal of organizations lately – it usually publicly shares data stolen from the compromised network as\r\nproof.\r\nAnd such is the case with SK hynix. Here's a screenshot of the Maze crew's website announcing the infiltration of\r\nthe manufacturer's network, and the exfiltration of its internal data:\r\nhttps://www.theregister.com/2020/08/20/maze_crew_sk_hynix/\r\nPage 1 of 2\n\nA screen-grab of the announcement ... Click to enlarge. Credit: Reg source.\r\nA 570MB ZIP archive is provided as a download from the Maze site. It is supposedly just five per cent of the total\r\namount siphoned from SK hynix, which suggests as much as 11GB was stolen by the gang after breaking into the\r\ncorp's networks and before scrambling its files to hold them to ransom.\r\nAccording to one person who has viewed the archive's contents, it appears to contain confidential NAND flash\r\nsupply agreements with Apple, and a mix of personal and corporate files, though nothing dated more recently than\r\na couple of years ago.\r\nSK Hynix is one of the largest suppliers of RAM and flash memory in the world. Their clients include the likes of\r\nApple and IBM. A crippling ransomware attack on its internal network can therefore have knock-on effects for its\r\ncustomers.\r\nFor those unfamiliar, Maze offers something of a new take on the old ransomware racket. Whereas traditional\r\nextortionware operators simply encrypt their victims' file systems, and then ask a fee to unscramble the data, the\r\nMaze miscreants take things a step further and promise to publicly leak all the stolen information if the company\r\ndoesn't pay up.\r\nThose that fail to meet the ransom demands have their corporate secrets handed out to the public. It's a pretty\r\nshady tactic, though one that has proven very effective for the hackers. The approach helped Maze get a name for\r\nitself as a crew to be feared.\r\nThe ransomware crew likes to make a show of distributing the data of companies that don't pay up. Their previous\r\nvictims include IT service provider Cognizant, Texas-based VT Aerospace, and semiconductor giant MaxLinear.\r\nIn June, it extorted a New York architecture firm when it intended to go after a Canadian standards body. ®\r\nA hat-tip to the Register reader who alerted us to the SK hynix update on the Maze website.\r\nSource: https://www.theregister.com/2020/08/20/maze_crew_sk_hynix/\r\nhttps://www.theregister.com/2020/08/20/maze_crew_sk_hynix/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.theregister.com/2020/08/20/maze_crew_sk_hynix/" ], "report_names": [ "maze_crew_sk_hynix" ], "threat_actors": [], "ts_created_at": 1775434000, "ts_updated_at": 1775826694, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/1c2348582adccd56e22d526943bb7afe988687be.pdf", "text": "https://archive.orkl.eu/1c2348582adccd56e22d526943bb7afe988687be.txt", "img": "https://archive.orkl.eu/1c2348582adccd56e22d526943bb7afe988687be.jpg" } }