1. Wafer scrapped tens of thousands of pieces: TSMC installed a new machine without anti-virus;
According to the micro-network news, the impact of computer poisoning incidents in the three major power plants of TSMC exceeded expectations. TSMC said that it is estimated that this incident will impact the third quarter revenue by about 3%, affecting the gross profit margin by about one percentage point, but the annual revenue outlook is not However, TSMC pointed out that 80% of the machines poisoned by the three major factories have resumed production, and they are confident that they will return to normal on Sunday.
According to sources, TSMC was invaded by computer viruses at about 5 or 6 pm last Friday and spread to the three major factories at 10 o'clock that night. According to the TSMC announcement, about 40 hours after the incident, 80% of the machines have been restored. Taiwan production operations are expected to eliminate computer viruses after the critical 60-hour 'detox action'; but it is about one day slower than originally expected, and the impact revenue is also larger than expected.
TSMC issued a major message on Saturday afternoon, stating that the cause of the incident was mainly due to 'the operation error of the new machine in the process of installing the software'. When the virus was connected to the internal computer network of TSMC in the new machine, the virus spread, but The integrity and confidential information of the company's data have not been affected; the company has taken measures to make up for this security issue, and will further strengthen information security measures.
TSMC engineers pointed out that TSMC's wafer fabrication and testing machines are all externally purchased, and the software system is filled by the manufacturers. After the machines are sent to the factory for installation, they must be cleaned according to the standard operating procedures (SOP). It is the third-party or TSMC employee who did not act according to the SOP and pre-installed the program installed on the USB machine to allow the virus to spread when the new machine was connected to the company's internal computer network.
TSMC's supply key revealed that TSMC was attacked by the virus, which led to the eight-inch factory and the twelve-inch factory of Zhuke, as well as the Fab of the Chinese Fab and the Fab of the South Fab. Among them, the most severely affected was the Chinese Fab. Fifteen, the local is the main production center of TSMC 7nm; the 7nm and 12nm processes of Nanke Fab XIV and Zhuke 12 are affected. In other words, including Apple, AMD, Huida, MediaTek, Xilinx, etc. Dachang wafer products are affected.
TSMC pointed out that it is confident that the number of wafer shipment delays in the third quarter will be replenished in the fourth quarter. The full-year outlook is in US dollars, and the high single digit growth released by the law on July 19 will remain unchanged. .
According to the impact of TSMC yesterday, the virus infection will lead to an increase in wafer shipment delay costs, meaning that scrap silicon wafers are higher than the previous day's estimate. The impact of TSMC's revenue for the third quarter is about 100. In three parts, the number of scrapped wafers exceeds 10,000.
2. TSMC exposure: Whether the US is involved in observation, the Nanjing plant has not been implicated;
TSMC has a computer virus infection incident. The security experts have cut into the observation from three angles. It is imperative to master human factors and implement intranet management. In the future, the United States will not be sent to TSMC to conduct intensive anti-intrusion operations.
The outside world is highly concerned about the recovery of computer virus infection in TSMC. TSMC explained this afternoon that the cause of the virus infection was that the new machine was operating incorrectly during the installation of the software, so the virus spread when the new machine was connected to the company's internal computer network. Case.
TSMC pointed out that it has already controlled the scope of virus infection and found a solution. By 2 pm yesterday, about 80% of the affected machines have returned to normal. It is expected that all affected machines will return to normal before August 6.
TSMC said that the company's data integrity and confidential information have not been affected, and measures have been taken to make up for this security issue, and information security measures will be further strengthened.
Mao Jinghao, director of the Zi'an Institute of Technology, accepted a visit by the Central News Agency. The computer virus infection incident of TSMC should be based on 'how the virus invades', 'why the virus spreads', and 'why the virus spread so fast' Angle cut into observation.
First of all, the virus program is only a common name. The key point is that the enterprise security problem is a human factor. Whether it is a general virus program or a malicious program, it is designed by a specific person.
In the process of setting up the new machine, there should be no virus or malicious programs. If the virus program invades, it should be further questioned. Is the operating system of the new machine itself first implanted with a virus or malicious program, or what the engineer did? Things, let the virus or malware be implanted in the new machine.
Secondly, Mao Jinghao pointed out that the spread of virus programs or malicious programs, in addition to networking, the internal network firewall isolation is not exactly implemented, the network segment is not strictly controlled security, the implementation of isolation control, is also one of the key factors.
Furthermore, virus programs or malicious programs will spread so quickly, which is against the weakness of the intranet.
Anonymous industry insiders speculate that TSMC’s virus infection caused some factories to crash, which may be caused by internal employees operating the virus invading the private cloud system in Hsinchu, through the private cloud internal computer integrated manufacturing system (CIM) dispatch system. , distributed to Zhongke and some parts of Nanke.
The Nanjing plant, where TSMC is located in the mainland, has not been implicated. This person analyzed that it is possible that the Nanjing factory's CIM and machine information are combined, but the Nanjing factory's customer data and process confidential data are also returned to Hsinchu's private company. Cloud storage, why Nanjing factory is not affected by the virus, need to know more.
Yang Ruilin, research director of the Industrial Technology International Strategy Development Institute of the Industrial Technology Research Institute, said in an interview with the Central News Agency that the situation of large-scale enterprise security systems is usually human factors. Human factors include external hacking attacks, including internal staff negligence and personnel deliberate.
Yang Ruilin said that TSMC has ruled out external hacking attacks, but it is hard to imagine that the security situation will occur in the disciplined TSMC.
Mao Jinghao said that TSMC is an index semiconductor company that implements a very solid asset security. He is surprised to see that there will be a computer virus infection incident this time.
Unnamed industry sources pointed out that it is impossible to rule out the potential attack of hackers' voices, and TSMC is the world's most important wafer manufacturer. TSMC has mastered important customers and technical secrets of the US semiconductor industry, and key equipment is also in the United States. Related to, TSMC has a close stake in the United States. In the future, whether US government agencies will send personnel to Taiwan to conduct intensive anti-invasion operations at TSMC, which can be further observed.
Observing the follow-up development of virus infection in some factories in TSMC, Yang Ruilin pointed out that this should be 'small short and long space' for TSMC. It can grasp the complex security problems to the source in one day, show the rapid response capability of TSMC, and let TSMC actually Facing the security situation and accumulating valuable experience.
Mao Jinghao said that TSMC's infection from Hsinchu to some parts of Nanke was also a sign that enterprises are entering the industry 4.0 and smart manufacturing stage. At the same time, the security protection is an important issue that must be actively maintained and promoted.
3. TSMC is infected with viruses.
On the evening of the 3rd, TSMC was infected with viruses by some of the machines, causing the production of the three fabs to stop. In this regard, after a day of tracing, TSMC said today that the cause of the virus infection was 'the new machine was in the process of installing the software. Operational errors'. The director of domestic large-scale enterprises said that the virus is mainly from the system in the new machine. TSMC may not implement the anti-virus SOP, which is a security hole.
In the afternoon, TSMC issued a remark that the computer virus was infected in the evening of the 3rd, affecting some computer systems and factory machines in Taiwan. The degree of virus infection varies from factory to factory. The reason for the virus infection is the process of installing software on the new machine. The operation error occurred, so the virus spread when the new machine was connected to the company's internal computer network, but TSMC's data integrity and confidential information were not affected.
The director of domestic large-scale enterprises said that the machine that TSMC calls should be the machine used to manufacture the wafer. The machine that manufactures the wafer is actually driven by the computer, and the production materials are collected. Line progress, yield, etc. So the machine is not only connected to the computer, but also can be regarded as a small computer.
The director of the security department said that from TSMC's reconsideration, the virus may be mainly from the program system of the new machine. When the new machine is to be installed, the staff may not fully implement the anti-virus work, or there may be no machine to clean the virus at all. SOP. ' Ten thousand machines, as long as one is poisoned, it will infect other'. Because the machine itself is interconnected, the virus spreads quickly.
The supervisor pointed out that everyone knows that TSMC has strict control over information equipment. Employees cannot bring mobile phones, computers, and USB into the company. However, TSMC may not have the same control intensity on the machine. In short, this is newly discovered. Security vulnerability.
The supervisor said that there may be two ways to spread the virus. The first is that all three fabs have new machines installed, and at the same time operational errors. The second is between the fab and the fab. Lutong, so the virus spread from the first fab to other factories. If it is the second situation, customer confidence will be greatly affected.
As for whether it is possible that TSMC has not implemented anti-virus, but a new virus has caused trouble? The supervisor said that if there is no virus of the same kind in the world after 3 or 5 days, it is necessary to confirm whether it is a customized virus, that is, For TSMC, 'in this case, it is obvious that the specific attack on TSMC'. The rumor is a blackmail virus, but he said that the ransomware needs a network environment and is unlikely to occur in the production line after physical isolation.
4. TSMC is one of the secrets;
TSMC faced the biggest threat of security in history. It is understood that including Chairman Liu Deyin and President Wei Zhejia, they are in the first place to grasp the information and demand full anti-blocking 'epidemic' spread. Although every weekend, TSMC's security personnel also stopped. Back to the post, the rough estimate mobilized hundreds of personnel security engineers, in order to completely 'detoxification' within 60 hours; at the same time, the company also actively explained the content and impact of the event to the customer.
It is said that the culprit is a virus called 'Wanting to Cry', which has strong appeal and destructive power. Even the international giants with the highest specification of security technology such as TSMC are suffering.
Although TSMC did not further explain the internal mobilization situation, in the major domestic online forums, many TSMC employees or relatives have talked about this matter. Many people mentioned that after the incident, they stopped 'stopping' and 'rushed back. The factory handles the problem' and other conditions.
The poisoning incident, including major manufacturers such as Apple and Huida, was affected. TSMC also actively contacted customers. TSMC stressed that after the incident, most customers have received relevant event notifications, and TSMC is also working with customers. Work closely together to communicate wafer delivery schedules and will communicate detailed information to individual customers in the coming days.
For the first time, the TSMC production line was plagued by poisoning by the control system. It is a heavy hammer for TSMC, which has always been regarded as a safety protection drip, and especially after the retirement of TSMC founder Zhang Zhongmou and former information chief Zuo Dachuan. , but also caused a lot of speculation.
In the flood control forum held by the newspaper, Zuo Dachuan once shared the TSMC flood prevention strategy and practice for the first time. He revealed that TSMC was attacked by viruses and hackers thousands of times a day, but TSMC has strict multi-layer protection. .
However, TSMC was still on the 3rd of August. Because of the mistakes in the process of installing the software in the operation of the new machine, the operator did not follow the standard operating procedures and pre-installed the program installed on the USB machine. The virus spreads when the new machine is connected to the company's internal computer network.
TSMC has been the biggest threat to Zi'an in history. One mistake made TSMC's revenue this quarter short of about 7.8 billion yuan, which is not a small price.
Economic daily
5. Foreign capital talks about virus incidents, reminds Taiwan to tighten the clockwork
On the evening of the 3rd, TSMC was infected by computer viruses, affecting some computer systems and factory machines in Taiwan. About 80% of the affected machines returned to normal yesterday (5), and it is expected to return to normal today (6). Researcher Lu Xingzhi believes that according to the current situation, although the impact is there, it will not destroy customer confidence, but will cause TSMC to “tighten the clockwork”.
Foreign-funded analysts said that due to the tight security of TSMC's information, the staff usually cannot carry any personal electronic products into the production line, and even the mobile phone must use the internal special machine of TSMC. Therefore, this time, due to the ripple of USB, some systems and machines of TSMC are caused. The Taiwan virus was infected by the computer virus, which made the market feel unexpected. But in the positive direction, this also gave TSMC a re-examination of whether the security is sufficiently confidential, not a bad thing.
In particular, the affected Zhuke 12 factory is not only shouldering the burden of 7 nanometers, but also has other cutting-edge processes intensively research and development. Analysts said that TSMC’s share price may be subject to losses exceeding expectations and emotional impact, in case the stock price falls. Too much violent, international funds will be regarded as a great opportunity to lay out next year's growth, and the buying power on dips will be very large.
According to a report released by TSMC, it is estimated that the virus infection will delay wafer shipments and increase costs. The impact on revenue in the third quarter is about 3%, and the gross profit margin impact is about 1 percentage point.
Not only TSMC is confident that it will fully replenish wafer deferred shipments this quarter in the fourth quarter. Foreign analysts also believe that TSMC's 7nm process contribution is getting higher and higher. Under the 7nm sprint blessing, The annual high single digit growth expectation is unchanged. In other words, the long-term strong competitive advantage can effectively dilute the short-term impact.
According to KGI's analysis, TSMC's 7nm process customers include: Apple, AMD, Nvidia, Qualcomm, Xilinx, HiSilicon, MediaTek, Bitcoin, etc. The overall 7nm process will account for 10% of TSMC's revenue this year. Greatly evolved to 30% next year, highlighting the demand is quite strong.