Ransom Monitor

Ransom! SINBON Electronics Co., Ltd

Monitorman
Ransom! SINBON Electronics Co., Ltd

Victim SINBON Electronics Co., Ltd in Taiwan was targeted by the threat actor dragonforce, who conducted a prolonged cyber-attack, exfiltrating extensive sensitive data including financial records, client information, and internal documents, and subsequently prepared for publication of approximately 650,000 files. The attackโ€™s scale and duration were concealed by the companyโ€™s IT staff, prompting the threat actors to publicly disclose the breach and offer to negotiate to prevent data release. #Taiwan

Incident Details

  • Victim: SINBON Electronics Co., Ltd
  • Country: TW
  • Actor: dragonforce
  • Source: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog/?post_uuid=8bf25b2f-9d42-40d3-ad5a-0e4b162b3bcd
  • Discovered: 2026-01-02 06:24:56.732530
  • Published: 2026-01-02 05:45:29.654215

Information

  • SINBON Electronics Co., Ltd. experienced a cyber-attack carried out by the actor Dragonforce.
  • The company initially claimed the attack was quickly detected, blocked, and that files could be decrypted by a specialized organization, with no data stolen.
  • These claims are false; the breach was not anonymous, and the company always discloses the intrusion, including contact information.
  • The incident occurred over several weeks and affected both the headquarters and the U.S. subsidiary.
  • During the attack, a large volume of data was exfiltrated, including executive-level information.
  • A package of approximately 650,000 files has been assembled for publication, containing financial records, reports, client data, personal information, collaboration documents with ASML Holding N.V., production records, and evidence of product defects and financial status.
  • The IT staff apparently attempted to conceal the breachโ€™s scale from management and regulators, leading to a public disclosure.
  • Contact details have been provided to company executives for discussions on preventing data release while the company continues operations.
  • The current list of files is not final and can be expanded with additional data if needed.

Disclaimer: This post is based on public claims made by the ransomware group "dragonforce". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.

monitored by: ransomware.live