Cyber Espionage Groups Target Taiwan's Semiconductor Sector Amid Rising Tensions

In recent months, cyber espionage groups associated with China have significantly increased their targeted campaigns against Taiwan's semiconductor sector, as indicated by research from Proofpoint, a cybersecurity firm based in Sunnyvale, California. The analysis highlights a noticeable rise in hacking activities occurring between March and June, involving at least three groups with ties to China, with some assaults still ongoing. These intrusions are part of a larger strategy aimed at collecting intelligence on Taiwan’s vital chip industry, especially given the escalating tensions surrounding U.S. export restrictions and China's initiatives to bolster its domestic semiconductor production.

According to Mark Kelly, a threat researcher at Proofpoint, this surge in activity has led to the targeting of entities that had not previously been on the radar of cyber attackers. The malicious campaigns aim at 15 to 20 organizations, including both small firms and large multinational corporations, along with analysts working within a central U.S.-headquartered bank. While researchers have opted not to disclose specific targets or confirm the success of these hacking attempts, it is evident that the semiconductor industry has become a focal point for these cyber operations.

The tactics employed by hackers varied widely. One strategy involved the use of compromised email accounts from Taiwanese universities to impersonate job seekers, facilitating the sending of malicious PDF documents or password-protected files to employees at semiconductor firms. Another method featured a fictitious investment firm that aimed to deceive analysts who specialize in Taiwan’s chip market.

Although the specific companies targeted were not mentioned, it is known that Taiwan hosts prominent semiconductor manufacturers, such as TSMC, MediaTek, UMC, Nanya, and RealTek. Most of these companies either declined to comment on the situation or did not respond to inquiries. A spokesperson from the Chinese embassy in Washington stated that China condemns all forms of cybercrime and recognizes itself as a victim of such activities. In a separate confirmation, the Taiwanese cybersecurity firm TeamT5 reported a rise in email attack incidents but noted that these attacks have not yet become widespread. They pointed out that the semiconductor sector has historically attracted the interest of sophisticated hacking groups linked to China. TeamT5 mentioned a particular incident in June, where a group named Amoeba targeted a chemical company involved in the semiconductor supply chain, illustrating the hackers' focus on industries adjacent to the chip manufacturing sector as well.