{
	"id": "fc40924e-ffbe-414e-b847-03f4c0c1fe08",
	"created_at": "2026-04-06T01:32:29.647964Z",
	"updated_at": "2026-04-10T03:34:54.452417Z",
	"deleted_at": null,
	"sha1_hash": "c82bdb62ee8aea34d7bb1619519d805aa26328ba",
	"title": "Taiwanese Apple and Tesla contractor hit by Conti ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2751765,
	"plain_text": "Taiwanese Apple and Tesla contractor hit by Conti ransomware\r\nBy Sergiu Gatlan\r\nPublished: 2022-01-27 · Archived: 2026-04-06 00:06:55 UTC\r\nDelta Electronics, a Taiwanese electronics company and a provider for Apple, Tesla, HP, and Dell, disclosed that it was the\r\nvictim of a cyberattack discovered on Friday morning.\r\nDelta claims to be the world's largest provider of switching power supplies and reported sales of over $9 billion last year.\r\nIn a statement shared on January 22, 2022, the company said the incident impacted only non-critical systems, which had no\r\nsignificant impact on its operations. AdvIntel's \"Andariel\" platform detected the attack on January 18.\r\nDelta is now working on restoring systems taken down during the attack and says it hired the services of third-party security\r\nexperts to help with the investigation and recovery process.\r\nThe electronics provider also said it notified government law enforcement agencies to assist with the follow-up\r\ninvestigation.\r\nWhile Delta's statement did not say who was behind the attack, an undisclosed information security company found a Conti\r\nransomware sample deployed on the company's network, as CTWANT first reported.\r\nDelta Electronics Conti ransom note (BleepingComputer)\r\n$15 million ransom for decrypting thousands of devices\r\nAccording to negotiations between Conti and Delta (also seen by BleepingComputer), the Conti operators claim to have\r\nencrypted 1,500 servers and 12,000 computers out of roughly 65,000 devices on Delta's network.\r\nThe Conti ransomware gang asked Delta to pay a $15 million ransom for a decryptor and to stop leaking files stolen from its\r\nnetwork. The gang also promised a discount if the company paid quickly.\r\nWhile Delta is still reportedly working with Trend and Microsoft's security teams to investigate the incident and claims that\r\nits production has not been affected, its website is still down one week after the attack.\r\nDelta's customers can use this alternate domain while the company brings its main website back online; it is still down following\r\nthe ransomware attack, as The Record found.\r\n\"The Conti ransomware group revealed a specific pattern part of the Delta attack leveraging Cobalt Strike with Atera for\r\npersistence as revealed by our platform adversarial visibility. Certainly, this attack is reminiscent of the REvil Quanta one\r\naffecting one of the Apple suppliers,\" Vitali Kremez, CEO of AdvIntel, told BleepingComputer.\r\nConti is a Ransomware-as-a-Service (RaaS) operation linked to the Russian-speaking Wizard Spider cybercrime group.\r\nThe ransomware gang's operators have breached other high-profile orgs in the past, including Ireland's Department of Health\r\n(DoH) and Health Service Executive (HSE), and the RR Donnelley (RRD) marketing giant.\r\nA Delta Electronics spokesperson was not available for comment when contacted by BleepingComputer earlier today.\r\nSource: https://www.bleepingcomputer.com/news/security/taiwanese-apple-and-tesla-contractor-hit-by-conti-ransomware/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/taiwanese-apple-and-tesla-contractor-hit-by-conti-ransomware/"
	],
	"report_names": [
		"taiwanese-apple-and-tesla-contractor-hit-by-conti-ransomware"
	],
	"threat_actors": [
		{
			"id": "838f6ced-12a4-4893-991a-36d231d96efd",
			"created_at": "2022-10-25T15:50:23.347455Z",
			"updated_at": "2026-04-10T02:00:05.295717Z",
			"deleted_at": null,
			"main_name": "Andariel",
			"aliases": [
				"Andariel",
				"Silent Chollima",
				"PLUTONIUM",
				"Onyx Sleet"
			],
			"source_name": "MITRE:Andariel",
			"tools": [
				"Rifdoor",
				"gh0st RAT"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "110e7160-a8cc-4a66-8550-f19f7d418117",
			"created_at": "2023-01-06T13:46:38.427592Z",
			"updated_at": "2026-04-10T02:00:02.969896Z",
			"deleted_at": null,
			"main_name": "Silent Chollima",
			"aliases": [
				"Onyx Sleet",
				"PLUTONIUM",
				"OperationTroy",
				"Guardian of Peace",
				"GOP",
				"WHOis Team",
				"Andariel",
				"Subgroup: Andariel"
			],
			"source_name": "MISPGALAXY:Silent Chollima",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "bc6e3644-3249-44f3-a277-354b7966dd1b",
			"created_at": "2022-10-25T16:07:23.760559Z",
			"updated_at": "2026-04-10T02:00:04.741239Z",
			"deleted_at": null,
			"main_name": "Andariel",
			"aliases": [
				"APT 45",
				"Andariel",
				"G0138",
				"Jumpy Pisces",
				"Onyx Sleet",
				"Operation BLACKMINE",
				"Operation BLACKSHEEP/Phase 3.",
				"Operation Blacksmith",
				"Operation DESERTWOLF/Phase 3",
				"Operation GHOSTRAT",
				"Operation GoldenAxe",
				"Operation INITROY/Phase 1",
				"Operation INITROY/Phase 2",
				"Operation Mayday",
				"Operation VANXATM",
				"Operation XEDA",
				"Plutonium",
				"Silent Chollima",
				"Stonefly"
			],
			"source_name": "ETDA:Andariel",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "a2b92056-9378-4749-926b-7e10c4500dac",
			"created_at": "2023-01-06T13:46:38.430595Z",
			"updated_at": "2026-04-10T02:00:02.971571Z",
			"deleted_at": null,
			"main_name": "Lazarus Group",
			"aliases": [
				"Operation DarkSeoul",
				"Bureau 121",
				"Group 77",
				"APT38",
				"NICKEL GLADSTONE",
				"G0082",
				"COPERNICIUM",
				"Moonstone Sleet",
				"Operation GhostSecret",
				"APT 38",
				"Appleworm",
				"Unit 121",
				"ATK3",
				"G0032",
				"ATK117",
				"NewRomanic Cyber Army Team",
				"Nickel Academy",
				"Sapphire Sleet",
				"Lazarus group",
				"Hastati Group",
				"Subgroup: Bluenoroff",
				"Operation Troy",
				"Black Artemis",
				"Dark Seoul",
				"Andariel",
				"Labyrinth Chollima",
				"Operation AppleJeus",
				"COVELLITE",
				"Citrine Sleet",
				"DEV-0139",
				"DEV-1222",
				"Hidden Cobra",
				"Bluenoroff",
				"Stardust Chollima",
				"Whois Hacking Team",
				"Diamond Sleet",
				"TA404",
				"BeagleBoyz",
				"APT-C-26"
			],
			"source_name": "MISPGALAXY:Lazarus Group",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "771d9263-076e-4b6e-bd58-92b6555eb739",
			"created_at": "2025-08-07T02:03:25.092436Z",
			"updated_at": "2026-04-10T02:00:03.758541Z",
			"deleted_at": null,
			"main_name": "NICKEL HYATT",
			"aliases": [
				"APT45 ",
				"Andariel",
				"Dark Seoul",
				"Jumpy Pisces ",
				"Onyx Sleet ",
				"RIFLE Campaign",
				"Silent Chollima ",
				"Stonefly ",
				"UN614 "
			],
			"source_name": "Secureworks:NICKEL HYATT",
			"tools": [
				"ActiveX 0-day",
				"DTrack",
				"HazyLoad",
				"HotCriossant",
				"Rifle",
				"UnitBot",
				"Valefor"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775439149,
	"ts_updated_at": 1775792094,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c82bdb62ee8aea34d7bb1619519d805aa26328ba.pdf",
		"text": "https://archive.orkl.eu/c82bdb62ee8aea34d7bb1619519d805aa26328ba.txt",
		"img": "https://archive.orkl.eu/c82bdb62ee8aea34d7bb1619519d805aa26328ba.jpg"
	}
}