Apple depot repair vendor CSAT Solutions has been hit with a ransomware attack that calls its overall security into question — and is causing extended mail-in repair times and in some cases lost customer hardware.
The attackers provided screenshots of internal tools used by CSAT and posted screenshots of computer directories online. The attack appears to be directly on CSAT and not on the computers being repaired at the facility.
In order to rectify the situation and ensure consumer hardware was not impacted by the attack, repair times have been be extended to perform additional checks. Anyone who has shipped their Mac to Apple within the last two weeks could be affected by the delay.
Only thing you can do is be very patient with the situation, deal with more CRU's and pretty much deal with the customer backlash.— Fudge (@choco_bit) December 8, 2020
Personal opinion but it's highly likely this will continue (to some extent) into January 2021
Known Apple leaker Fudge shared the details of the leak and shared concerns on Twitter. The leaker's connection with Apple Authorized Service Providers made them concerned over the security implications for Apple users. Fudge urges anyone receiving their computers from Apple repair to do a full DFU restart, though that may not be warranted. AppleInsider does concur with the leaker's advice to perform a clean install of the operating system for any returned device for the foreseeable future.
A report from iTWire details the attack, stating it was conducted using "NetWalker," an attack that only works on Windows. This means the attack should have only affected the CSAT systems and likely not the Macs they were working on.
Apple does use a variety of other depot-level repair facilities and does do some repairs in-house at Apple Stores, so not every repair will be affected. Apple is able to divert repairs to other facilities while those currently at CSAT are evaluated or replaced.
AppleInsider has reached out to Apple for comment.