Hackers linked to China reportedly carried out coordinated attacks on Taiwan's semiconductor industry. The attacks reportedly took place between March and June 2025, with some operations still ongoing.
The information comes from the cybersecurity company Proofpoint, which attributed the activity to at least three China-aligned groups that were unknown until then: UNK_FistBump, UNK_DropPitch and UNK_SparkyCarp.
A fourth group, UNK_ColtCentury (also tracked as TAG-100 or Storm-2077), tried to build trust with its targets before deploying a remote access trojan (RAT) known as Spark.
Targets and motivations

Analysts believe these attacks are part of Beijing's long-term initiative for semiconductor self-sufficiency, which is reportedly driven by US export restrictions and Taiwan's dominance in the manufacture of advanced chips.
The hackers focused on organizations involved in semiconductor design, manufacturing, testing and supply chains. They also targeted investment analysts who monitor Taiwan's semiconductor sector.
Proofpoint estimates that 15 to 20 organizations were targeted. They ranged from medium-sized companies to large global corporations, and also included analysts at at least one US-based international bank.
Taiwan's leading chip manufacturers, TSMC, MediaTek, UMC, Nanya and Realtek, declined to comment, so it is not known which of them may have been successfully breached. According to Proofpoint, the attacks were motivated by espionage.
Tactics used

The attacks used various tactics. UNK_FistBump launched spear-phishing attacks from compromised email accounts belonging to Taiwanese universities. The attackers posed as job candidates and attached malicious files disguised as PDF résumés.
If the files were opened, they deployed Cobalt Strike beacons or a custom C-based backdoor known as Voldemort, previously linked to attacks on more than 70 organizations around the world.

UNK_DropPitch, on the other hand, targeted financial analysts at large investment companies. The hackers posed as employees of a fake investment company and provided malicious PDF links that downloaded ZIP files containing DLL-based payloads.
When executed, these malicious DLL files installed the HealthKick backdoor or opened a reverse connection to hacker-controlled servers.
UNK_SparkyCarp used a different tactic, sending fake account emails that led victims to phishing sites such as ACCSHEELDPORTAL[.]com. This is the oldest trick in the book, with the hackers using a custom tool to intercept and steal login credentials.
Increased tensions

TeamT5, a Taiwanese cybersecurity company, reported an increase in email threats directed at Taiwan's semiconductor industry. It noted that attackers often exploit weaker defenses at smaller suppliers and in related sectors.
In June, for example, a China-linked group known as Amoeba launched a phishing campaign against a chemical company that is essential to the semiconductor supply chain. The strategy of targeting secondary sectors highlights a broad effort to compromise the supply chain.
The scope and scale of these campaigns underline the growing geopolitical tension around Taiwan's dominance in semiconductors. Entities that were not previously on hackers' radar are now being targeted.

In February, China accused Taiwan of favoring the US. In April, the US suggested that Taiwan created employees of their companies in Mexico. US sanctions on China, such as the one that caused losses in the billions for Nvidia, also contribute to the rising tensions.
However, it is not all American wins and accusations against China. According to reports, US sanctions helped accelerate the semiconductor market in China. Still, the tension is evident, with China saying it will retaliate against Taiwan for putting Huawei on a banned list.
Chinese government response
The Chinese embassy in Washington responded to the reports by reiterating that cyber attacks are a global problem and that China “firmly opposes and fights all forms of cyber crime.”
Source: Proofpoint.
Source: https://www.adrenaline.com.br/seguranca/china-estaria-patrocinando-ataques-ciberneticos-contra-taiwan-aponta-empresa-de-seguranca/
