Chinese State-Linked Hackers Step Up Espionage Campaign Against Taiwan’s Chip Sector
Cyber-security researchers say at least four China-aligned hacking crews have mounted a concerted spy campaign against Taiwan’s semiconductor industry and the financial analysts who track it, underscoring the strategic stakes of the global “chip wars.” Between March and June, the groups sent waves of tailored phishing emails to roughly 20 organisations involved in chip design, fabrication, testing and supply-chain logistics, as well as to analysts at a US-headquartered international bank.
New threat clusters surface
Proofpoint, which detailed the activity in a report this week, has given provisional codenames to three previously unseen actors, UNK_FistBump, UNK_DropPitch and UNK_SparkyCarp, and tied a fourth, UNK_ColtCentury, to earlier China-attributed operations. Analysts say the motivation is “most likely espionage,” aimed at accelerating Beijing’s drive for semiconductor self-sufficiency as US export controls tighten.
Varied playbooks, common goal
- UNK_FistBump used hacked Taiwanese university email accounts to pose as job seekers, sending poisoned résumé files that dropped Cobalt Strike beacons or a custom backdoor dubbed “Voldemort.”
- UNK_DropPitch targeted equity analysts by faking messages from a sham investment firm, luring victims to download DLL-based malware loaders named “HealthKick.”
- UNK_SparkyCarp relied on spoofed “account security” alerts that redirected users to phishing sites and harvested credentials.
- UNK_ColtCentury built rapport through benign exchanges before unleashing the Spark remote-access trojan.
Attackers frequently exploited smaller suppliers and peripheral industries such as chemicals and logistics, where cyber defences are weaker, to pivot toward larger chipmakers, according to Taiwan-based security specialists.
Industry silent, China denies wrongdoing
Major Taiwanese chip companies, including TSMC, MediaTek, UMC, Nanya and Realtek, either declined to comment or did not respond to enquiries. No breaches have been publicly confirmed. China’s embassy in Washington reiterated Beijing’s long-standing position that it opposes cybercrime and is itself a victim of foreign hacking.
Growing pressure on a strategic chokepoint
Taiwan produces more than 60 percent of the world’s semiconductors and nearly all advanced logic chips. With Washington restricting China’s access to cutting-edge fabrication tools and know-how, analysts say electronic espionage has become a key avenue for Beijing to narrow the technology gap. Proofpoint researchers warn that entities once below the radar are now squarely in the crosshairs.
Defensive measures
Taiwan’s government has urged firms across the chip supply chain to harden email security, enforce multifactor authentication and share threat intelligence with sector-wide information-sharing centres. Meanwhile, international investors are watching closely for any sign that intellectual-property theft could disrupt production or erode the island’s competitive edge.
With geopolitical tensions still high and digital systems ever more intertwined, security experts expect the phishing waves to continue, evolving as quickly as corporate defences improve.
