A new ransomware gang calling itself Sarcoma has claimed responsibility for an attack on Unimicron, a leading printed circuit board (PCB) manufacturer based in Taiwan.
The group has published several file samples it claims were taken from Unimicron's network and is threatening to leak all of the stolen data next week unless a ransom is paid.
Yesterday, Sarcoma updated its data leak site, claiming to hold 377 GB of SQL files and other documents that it says were exfiltrated from the company.
Unimicron – A Short Background
Unimicron, a publicly traded company, manufactures a range of PCBs, including rigid, flexible, and high-density interconnect (HDI) boards, as well as integrated circuit (IC) carriers.
One of the largest PCB makers in the world, the company operates manufacturing facilities and customer service centers across Taiwan, Germany, Japan, and China.
Its products are found in a wide variety of electronics, including computers, LCD monitors, and smartphones.
Unimicron Responds to Ransomware Disruption
In a bulletin to the Taiwan Stock Exchange, Unimicron disclosed that its Shenzhen subsidiary suffered a ransomware attack on January 30th, with the disruption reported on February 1st.
Unimicron assured stakeholders that the impact of the attack is under control and said it had brought in a cyber forensics team to investigate the incident and strengthen its security measures.
While Unimicron has not confirmed a data breach, the files Sarcoma posted on its leak site appear to be authentic.
Tactics and Threat Evolution of Sarcoma
Sarcoma carried out its first attacks in October 2024 and rapidly became one of the most active and prolific ransomware gangs, targeting 36 victims in that month alone.
In November 2024, cyber intelligence firm CYFIRMA cautioned, “Sarcoma ransomware is rapidly becoming a significant threat due to its aggressive tactics and increasing victim count.”
By December 2024, industrial cybersecurity intelligence provider Dragos identified Sarcoma as one of the most critical emerging threats to industrial entities globally.
According to RedPiranha, Sarcoma's operators gain initial access mainly through phishing emails and by exploiting known, unpatched vulnerabilities.
The group has also carried out supply chain attacks, abusing the trust between service providers and their clients to reach downstream victims.
Once inside a network, Sarcoma uses Remote Desktop Protocol (RDP) to move laterally between hosts and then exfiltrates data before issuing its ransom demand.
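The RDP-driven lateral movement described above leaves a recognisable trace in Windows Security logs: a run of successful logons (event 4624) with LogonType 10 (RemoteInteractive, which is what RDP produces) from one account and source address to several different hosts in a short time. The following detector is an added example written for this article, not code from Unimicron, Sarcoma, or any of the vendors cited; it assumes a simplified one-line-per-event "key=value" export (a hypothetical format, not a real Event Log dump), and the log lines it scans are constructed for illustration.

```python
"""
Added example: flag accounts that open RDP sessions (Windows Security
event 4624, LogonType=10) to several distinct hosts inside a short window,
the pattern left behind when an intruder pivots across a network over RDP.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical "timestamp key=value ..." export.
# svc_backup fans out to four hosts in five minutes (suspicious); jlin's logons
# are two hosts many hours apart plus one console logon (LogonType=2).
SAMPLE_LOG = """\
2025-01-30T02:10:05Z EventID=4624 LogonType=10 TargetUserName=svc_backup IpAddress=10.0.5.23 Computer=SZ-FILE01
2025-01-30T02:11:40Z EventID=4624 LogonType=10 TargetUserName=svc_backup IpAddress=10.0.5.23 Computer=SZ-ERP02
2025-01-30T02:13:02Z EventID=4624 LogonType=10 TargetUserName=svc_backup IpAddress=10.0.5.23 Computer=SZ-DC01
2025-01-30T02:14:55Z EventID=4624 LogonType=10 TargetUserName=svc_backup IpAddress=10.0.5.23 Computer=SZ-SQL01
2025-01-30T08:00:12Z EventID=4624 LogonType=10 TargetUserName=jlin IpAddress=10.0.9.40 Computer=SZ-WS117
2025-01-30T09:30:00Z EventID=4624 LogonType=2 TargetUserName=jlin IpAddress=- Computer=SZ-WS117
2025-01-30T17:45:33Z EventID=4624 LogonType=10 TargetUserName=jlin IpAddress=10.0.9.40 Computer=SZ-WS118
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_events(text):
    """Parse the simplified export into a list of dicts with a datetime 'ts'."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than fail the whole scan
        fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
        fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
        events.append(fields)
    return events


def find_rdp_fanout(events, window=timedelta(minutes=30), min_hosts=3):
    """Return {(user, source_ip): sorted hosts} for every account/source pair
    that completed RDP logons to at least `min_hosts` distinct hosts within
    any `window`-long span. Only 4624 + LogonType 10 events are considered."""
    rdp = [e for e in events
           if e.get("EventID") == "4624" and e.get("LogonType") == "10"]
    by_actor = defaultdict(list)
    for e in sorted(rdp, key=lambda e: e["ts"]):
        by_actor[(e["TargetUserName"], e["IpAddress"])].append(e)

    alerts = {}
    for actor, evs in by_actor.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits in `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            hosts = {e["Computer"] for e in evs[start:end + 1]}
            # Keep the widest fan-out seen for this actor.
            if len(hosts) >= min_hosts and len(hosts) > len(alerts.get(actor, ())):
                alerts[actor] = sorted(hosts)
    return alerts


if __name__ == "__main__":
    for (user, src), hosts in find_rdp_fanout(parse_events(SAMPLE_LOG)).items():
        print(f"RDP fan-out: {user} from {src} -> {', '.join(hosts)}")
```

In production the events would come from the Security channel of each host (or a SIEM export) rather than a string, and the thresholds need tuning: jump hosts and administrators doing legitimate maintenance also fan out over RDP, so allowlist known admin sources or raise `min_hosts` for them rather than silencing the rule. Pair it with alerts on new LogonType 10 sessions to domain controllers and file servers, since those are the hosts an exfiltration-focused group has the most reason to reach.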